Here - https://privatekeys.pw/keys/bitcoin/1
You can see on the above link. Any attacker can easily brute force first few million private keys so how to prevent such attack?
Private key/address on those website is generated on-demand (basically when you access the page). I would recommend you try clicking button "Random" or "Last" on that website. Actual attacker could brute force either from beginning, ending, other specific range of number or even randomly.
One last question. Is it more secure to generate a 24 word seed using dice/coins (manually) OR using CSPRNG present is software like electrum etc ? Which is more secure?
People usually would say both option are secure enough. Although it's hard to say which one is more secure since there are many variable involved needed to answer the question (such as quality of the dice or whether you call CSPRNG just after boot on device with very little activity/input). But FYI, Electrum actually utilize CSPRNG provided by operating system through function
os.random()[1]. Electrum would use
/dev/urandom on linux/unix-based OS and
CryptGenRandom() on Windows OS[1].
[1]
https://github.com/spesmilo/electrum/blob/4.3.2/electrum/wallet.py#L433[2]
https://docs.python.org/3.10/library/os.html#os.urandomso using CSPRNG on new OS installation and just after reboot is not secure enough? So what time should i wait before booting system to make sure there's enough entropy? Also i guess on live machine/VM it's not safe to use CSPRNG?