Exploit Information Leaks in Random Numbers from Python, Ruby and PHP

[Moto7451]

Very very minor nitpick/addendum to your point. Some languages let you swap out the rand function for a secure implementation. In those cases its important to make sure that that mechanism is actually in place.

In Perl for example:

http://search.cpan.org/~mkanat/Math-Random-Secure-0.06/lib/M...

[tptacek]

Which is evil, because you want assessors and code reviewers to be able to quickly spot which RNG you're using.

[seats]

Not to mention wanting something to break if the secure implementation somehow were separated from the code using it (versus silently reverting to PRNG).