Board: Speculation
Re: Bitcoin vulnerability
by xalex on 30/01/2014, 15:44:25 UTC
This is all FUD. The parameters in the code EK wants you to use are like saying "pick an integer between 2 and 4 and I'll guess it in one guess" vs. saying "pick an integer between one and a trillion and I'll guess it in 1 guess."

Just like with the Android PRNG bug, if you limit the search space you can easily search it. It is self evident. There is a good thread in the tech and dev section which details why it isn't an issue unless you use bad (or limited) code to generate keys.


That's what I suspected. These code newbies don't know shit about PRNGs. Nevertheless, I've lately started to use http://random.org to influence the seed for my random number generators in security critical infrastructure.

I looked at the code and I agree.

Python is used, specifically the random.randrange() function. No secure seed is given, so it defaults to time.time(), which is basically the timestamp in whole seconds.
Result:
This function alone will yield 2592000 (4 weeks of seconds) possibilities instead of 2^256.
1.000.000 of these calculations per second (1 MH/s) results in a collision roughly every 2.6 seconds. And this is with just one process running.

No worries here.

-Alex
Security specialist
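An added example, not code from the thread or from the project under discussion: it reproduces the weak pattern xalex describes (a whole-second timestamp seeding Python's random module before random.randrange() picks a 256-bit value) next to the CSPRNG-backed alternative, and includes a small self-check a reviewer can run against any key generator. The timestamp value and the function names are constructed for illustration.

```python
import random
import secrets


def weak_key(seed_seconds: int) -> int:
    """Key derivation as described in the post: the seed is the wall-clock
    time in whole seconds, so the 'random' 256-bit value is a pure function
    of that one integer. Anyone who knows (or guesses) the second in which
    the key was made gets the identical key back."""
    rng = random.Random(seed_seconds)   # Mersenne Twister, not a CSPRNG
    return rng.randrange(2 ** 256)


def secure_key() -> int:
    """256 bits straight from the OS CSPRNG. There is no seed to recover,
    so the search space is the full 2^256, not a window of timestamps."""
    return secrets.randbits(256)


def reproducible(keygen, seed: int, trials: int = 3) -> bool:
    """Defensive self-check for a key generator that accepts a seed:
    returns True if the same seed yields the same key on every call.
    A CSPRNG-backed generator ignores the seed and never reproduces."""
    first = keygen(seed)
    return all(keygen(seed) == first for _ in range(trials - 1))


if __name__ == "__main__":
    # Constructed timestamp (not from the thread); any whole second works.
    ts = 1391096665
    print("weak key reproducible:  ", reproducible(weak_key, ts))        # True
    print("secure key reproducible:", reproducible(lambda s: secure_key(), ts))  # False
```

Run the self-check against the generator you actually deploy; if it ever returns True for a seed taken from the clock, the key space is the number of seconds in your deployment window, exactly as the post calculates.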