Chaos Communication Congress: Season 33

33x90 How do we know our PRNGs work properly?

  • 2016-12-29T00:00:00Z
  • 1h
  • English
Pseudo-random number generators (PRNGs) are critical pieces of security infrastructure. Yet, PRNGs are surprisingly difficult to design, implement, and debug. The PRNG vulnerability that we recently found in GnuPG/Libgcrypt (CVE-2016-6313) survived 18 years of service and several expert audits. In this presentation, we not only describe the details of the flaw but, based on our research, explain why the current state of PRNG implementation and quality assurance downright provokes incidents. We also present a PRNG analysis method that we developed and give specific recommendations to implementors of software producing or consuming pseudo-random numbers to ensure correctness.