BBC: Website servers regularly use random numbers for encrypting data, but a flaw in how those numbers are generated could be exploited to expose the raw data. Bruce Potter, a security analyst, and Sasha Wood, a security researcher, found that a common random number generator used on Linux servers had a low level of entropy in the data stream it uses for generating the random numbers. That data stream is created by translating inputs such as mouse movements, key presses, and other machine actions into binary data, which is stored in a pool. When a random number is needed, a chunk of that data is taken from the pool to seed the generator. The flaw that Potter and Wood found is that the servers are not getting enough input to have a high level of entropy in their data stream, which results in less randomness in the generated numbers. That means the encryption is more susceptible to guesses and brute force attacks.
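To make the pool-to-seed relationship concrete, here is an added example (not code from the BBC report or from the researchers) that estimates how much unpredictability a pool can hand to a seed. The function names and both sample sets are constructed for illustration, and the events are assumed to be independent, which is optimistic.

```python
import hashlib
import math
from collections import Counter

# Constructed samples: low byte of the timing delta between input events.
DESKTOP = [17, 203, 88, 4, 151, 240, 66, 129]   # mouse/keyboard: varied
HEADLESS = [4, 4, 4, 4, 5, 4, 4, 4]             # few inputs: nearly constant

def min_entropy_per_sample(samples):
    """Most-common-value estimate: -log2(p_max), in bits per sample."""
    p_max = max(Counter(samples).values()) / len(samples)
    return max(0.0, -math.log2(p_max))

def effective_seed_bits(samples, pool_samples, seed_bits=128):
    """Upper bound on seed unpredictability when pool_samples events
    (assumed independent, an optimistic assumption) feed the pool."""
    return min(seed_bits, min_entropy_per_sample(samples) * pool_samples)

def samples_needed(samples, target_bits=128):
    """Events to collect before the pool can back a target_bits seed."""
    h = min_entropy_per_sample(samples)
    return math.inf if h == 0 else math.ceil(target_bits / h)

def derive_seed(pool):
    """Hashing the pool fixes the seed length; it cannot add entropy."""
    return hashlib.sha256(bytes(pool)).digest()[:16]

if __name__ == "__main__":
    for name, src in (("desktop", DESKTOP), ("headless", HEADLESS)):
        print(name, round(min_entropy_per_sample(src), 3), "bits/sample,",
              round(effective_seed_bits(src, 64), 1), "bits in a 64-event pool,",
              samples_needed(src), "events for 128 bits")
```

A seed drawn from the headless pool is still 16 bytes long, but its strength is bounded by the estimated entropy of the inputs, not by its length.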