BTW., if someone with skill would manipulate the RNG intentionally, he would do it this way:
https://bitcointalk.org/index.php?topic=883793.0
https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/
http://www.reddit.com/r/Bitcoin/comments/2p2kcd/how_perfect_offline_wallets_can_still_leak/
https://bitcointalk.org/index.php?topic=883793.0
https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/
http://www.reddit.com/r/Bitcoin/comments/2p2kcd/how_perfect_offline_wallets_can_still_leak/
Wow...
Understandably, harware wallet manufacturers tend to present their products as 100% safe, and hide or dismiss their risks. But, at the very least, you must trust the manufacturer (and trust that they didn't hire that programmer that BCI just fired
), as well as all the people who may have access to it along the path from the factory to your pocket. As customers grow confident in such devices, the payoff for an attack via malicious fake devices could be huge, and criminals may invest proportionally in carrying out the attack.