Board Development & Technical Discussion
Re: If you used "bx seed" you probably already lost your bitcoins, but if...
by Carlton Banks on 10/08/2023, 19:49:44 UTC
Isn't "bx seed" supposed to be weak? I mean the docs clearly state that this is generating a "pseudorandom" seed and can "introduce cryptographic weakness". Why would a wallet use this in the first place?
https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-seed

"pseudorandom" isn't any kind of meaningful warning, all (typical) RNGs are pseudorandom. Not providing sufficient entropy to seed the RNG is something altogether different. The only alternative is an expensive HRNG (a separate rackmountable entropy generator, in essence), and even then I seem to remember that this only improves the quality of the entropy seeding (i.e. the RNG still produces pseudorandom numbers).

Stating more plainly what the security properties of the code really are would help, but I'm not sure it would have made a difference in these recent thefts. Anyone who compiles this code themselves (and I'm pretty sure that's necessary, no organization was building + distributing binaries) is taking a leap into the world of trusting their own judgement in any case.

The quality of the entropy seeding an RNG is so fundamental to secure use of cryptography, and yet truly understanding how and why are immense tasks for any human. So I do sympathize with those who were stolen from, because I'm not happy with my own grasp of the issues. But we may, in the end, have no choice but to do so. I somehow doubt this is the last time that inadequate assessments of cryptography in software will burn people, whether cryptocurrency or otherwise.
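An added illustration of the point made above (example code written for this page, not code from bx or libbitcoin): the output of a PRNG looks statistically random regardless of how it was seeded, so "pseudorandom" says nothing about safety; the only meaningful measure is how much entropy went into the seed. The timestamp-seeded generator is a hypothetical weak seeding scheme constructed for the comparison, not a description of any particular tool.

```python
import math
import os
import random
from collections import Counter


def weakly_seeded_bytes(timestamp: int, nbytes: int) -> bytes:
    """Hypothetical weak scheme: seed a deterministic PRNG from a 32-bit value only.

    The whole future of the generator is fixed by at most 2**32 seed inputs,
    however good the output looks.
    """
    rng = random.Random(timestamp & 0xFFFFFFFF)
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")


def os_seeded_bytes(nbytes: int) -> bytes:
    """Draw from the OS entropy pool, the usual source for key material."""
    return os.urandom(nbytes)


def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte distribution (8.0 is the maximum).

    Both generators score close to 8.0: output statistics cannot distinguish
    a well-seeded RNG from a badly seeded one.
    """
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def seed_entropy_sufficient(seed_input_bits: int, required: int = 128) -> bool:
    """The check that actually matters: entropy fed into the seed, not output quality."""
    return seed_input_bits >= required


if __name__ == "__main__":
    weak = weakly_seeded_bytes(1_696_967_384, 4096)  # constructed timestamp value
    strong = os_seeded_bytes(4096)
    print(f"weak output entropy:   {shannon_bits_per_byte(weak):.2f} bits/byte")
    print(f"strong output entropy: {shannon_bits_per_byte(strong):.2f} bits/byte")
    print("32-bit seed input sufficient? ", seed_entropy_sufficient(32))
    print("256-bit seed input sufficient?", seed_entropy_sufficient(256))
```

Both entropy figures print close to 8.0; only the seed-input check separates the two schemes.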