Attack of the week: DUHK
https://blog.cryptographyengineering.com/2017/10/23/attack-of-the-week-duhk/ [blog.cryptographyengineering.com]
2017-10-23 20:28
The paper is called “Practical state recovery attacks against legacy RNG implementation”, and it attacks an old vulnerability in a pseudorandom number generator called ANSI X9.31, which is used in a lot of government certified products. The TL;DR is that this ANSI generator really sucks, and is easy to misuse. Worse, when it’s misused — as it has been — some very bad things can happen to the cryptography that relies on it.
See also: https://duhkattack.com/
source: green