Cock-ups

Doh - Another cocked-up TRNG. Doh! They happen more often than we’d like to admit. Unfortunately, randomness is too important to be left to chance experts.

And the most likely encryption/device to be properly cocked-up is the OTP. See this long list of crypto.stackexchange.com questions regarding OTPs. How they’re not, how they can be improved and especially how more key material can be generated. It’s a sad (but understandable) tale of woe that confuses even professional developers.

A popular tool called FinalCrypt is a good example of a bad cock-up.

There are others too like YubiKey which are well known professional products. But they too suffer cock-ups. In YubiKey’s case, an initial decrease in entropy at boot time. This led to weak RSA, ECDSA and ECC keys being generated by the key’s internal TRNG.