One place I've seen atrocious PRNG use is in web applications. Web app developers often roll their own salt generators, or session token generators, or random password generators... then rely on a libc rand seeded by the process ID, for example, to generate far too little entropy with far too little quality. One of the things I find unfortunate is when a particular class of security problem (say, XSRF) is well known but ignored by so many developers. Especially when you find those problems on a library level.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds