kfz versicherung writes: "Defining algorithm for random numbers is one of the hardest fields in mathematics. We all know Microsoft failed miserably, even Linux (pdf) and SSL had their fair share of troubles. But now Bruce Schneier tells us the Strange Story of Dual_EC_DRBG, one of four random number generation algorithms standardized by the NSA (pdf). While on first look just slower than the other three, Dan Shumow and Niels Ferguson showed at Crypto 2007 that the algorithm contains a weakness that can only be described a backdoor. Their presentation showed that the constants used have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output."