Maybe a tried-and-true PRNG could be used seeded with sha256(server_seed || ":" || user_seed) or whatever, instead of that nonce-postfix-thingy that is implemented, which only changes a couple of bits (down to only one bit roughly every second time) of the sha256 input between rolls. I'm not saying this is a flawed approach (I clearly do not know this), just that it's impossible for me to be sure it's not (partly) predictable.
If this is the case, wouldn't the entire proof of work for Bitcoin be compromised?
Bitcoin = SHA256(SHA256)
JD = HMAC-SHA512(server seed, client seed, nonce)
They both use the SHA family right?
No, a predictable pattern existing in JD PRNG would not mean proof of work for Bitcoin is compromised.
POW involves "guessing" a nonce so that the sha output is smaller than x. Predicting a pattern in JD means exploiting properties of sha256 that have nothing directly to do with its "irreversibility". In JD the difference between two consecutive inputs to the function is known (nonce = nonce + 1). This could lead one to be able to predict (maybe statistically and using past data) changes between 2 consecutive outputs. Again: I'm not saying this is the case and sure as hell I'm not saying I found something like that, but I just can't rule it out for myself.
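An added illustration of the concern discussed above (not code from Just-Dice or from any poster): it measures how many bits of the HMAC-SHA512 output change between nonce and nonce+1, when the message itself changes by only a bit or two. The "client_seed:nonce" message layout and the seed values are assumptions; the thread only names the three inputs.

```python
import hashlib
import hmac
from statistics import mean

# Constructed sample seeds for the demonstration (not real site values).
SERVER_SEED = b"constructed-server-seed-0123456789abcdef"
CLIENT_SEED = "constructed-client-seed"


def roll_hash(server_seed: bytes, client_seed: str, nonce: int) -> bytes:
    """HMAC-SHA512 keyed with the server seed over "client_seed:nonce".
    The exact concatenation is an assumption, not a documented format."""
    message = f"{client_seed}:{nonce}".encode()
    return hmac.new(server_seed, message, hashlib.sha512).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Differing bits; bytes beyond the shorter input count in full."""
    n = min(len(a), len(b))
    common = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    extra = sum(bin(x).count("1") for x in a[n:] + b[n:])
    return common + extra


def input_bit_diff(client_seed: str, nonce: int) -> int:
    """Bits of the HMAC message that change when the nonce is incremented."""
    before = f"{client_seed}:{nonce}".encode()
    after = f"{client_seed}:{nonce + 1}".encode()
    return hamming_distance(before, after)


def output_bit_diff(server_seed: bytes, client_seed: str, nonce: int) -> int:
    """Bits of the 512-bit HMAC output that change for the same increment."""
    return hamming_distance(roll_hash(server_seed, client_seed, nonce),
                            roll_hash(server_seed, client_seed, nonce + 1))


def avalanche_stats(server_seed: bytes, client_seed: str,
                    start: int = 0, count: int = 1000) -> dict:
    """Compare the tiny input change with the output change over consecutive nonces."""
    nonces = range(start, start + count)
    ins = [input_bit_diff(client_seed, n) for n in nonces]
    outs = [output_bit_diff(server_seed, client_seed, n) for n in nonces]
    return {"mean_input_bits": mean(ins), "mean_output_bits": mean(outs),
            "min_output_bits": min(outs), "max_output_bits": max(outs)}


if __name__ == "__main__":
    print(input_bit_diff(CLIENT_SEED, 0), output_bit_diff(SERVER_SEED, CLIENT_SEED, 0))
    print(avalanche_stats(SERVER_SEED, CLIENT_SEED))
```

A mean close to 256 of 512 bits with no outlier pairs is what a well-behaved PRF gives for a one-bit input change; it is a sanity check on the avalanche behaviour, not a proof that the rolls are unpredictable.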