Schneier on Security brings us The Strange Story of Dual_EC_DRBG. It seems that one of the new random-number-generator standards being pushed by NIST originated at the NSA and can be engineered so that its output passes every statistical test, yet is predictable to whoever chose the generator's constants.
Since random numbers are what cryptographic keys, nonces and seeds are made from, this is a fairly big deal to the crypto community. The NSA isn't talking, but I'm guessing this was no accident.
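An added example, not from the original post or from Schneier's essay, showing what "engineered to look random but not be" means for Dual_EC_DRBG. It follows the Shumow and Ferguson observation from the Crypto 2007 rump session: if the two published curve points are secretly related by P = e*Q, then whoever knows e turns a single output into the generator's next internal state and can predict every output that follows. Everything else here is an assumption made for the demonstration: a toy curve over F_103 found by search stands in for NIST P-256, the generator emits the full x-coordinate instead of dropping 16 bits (the truncation in the real standard only costs the attacker about 2^16 guesses per output), and the constants Q, P and the trapdoor value e are chosen here, not taken from the standard.

```python
# Added example, not from the original post: the Dual_EC_DRBG trapdoor on a
# toy curve. Assumptions: p = 103 and a searched-for curve stand in for P-256;
# the whole x-coordinate is emitted; and the "designer" picks P = e*Q.

p = 103      # field prime; p % 4 == 3 so a modular square root is one pow()
INF = None   # the point at infinity


def legendre(v):
    """1 if v is a nonzero square mod p, p-1 if a non-square, 0 if v == 0 mod p."""
    return pow(v % p, (p - 1) // 2, p)


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def find_curve():
    """Find y^2 = x^3 + a*x + b over F_p with prime group order > p-1 and no
    point at x = 0 (b a non-square), so every state value in 1..p-1 is a
    nonzero scalar and every state update lands on an affine point."""
    for a in range(1, p):
        for b in range(1, p):
            if (4 * a ** 3 + 27 * b ** 2) % p == 0 or legendre(b) != p - 1:
                continue
            order = 1                              # the point at infinity
            for x in range(p):
                l = legendre(x ** 3 + a * x + b)
                order += 2 if l == 1 else (1 if l == 0 else 0)
            if order > p - 1 and is_prime(order):
                return a, b, order
    raise RuntimeError("no suitable toy curve found")


A, B, N = find_curve()


def add(p1, p2):
    """Affine point addition on y^2 = x^3 + A*x + B mod p."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, p - 2, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, p - 2, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """A curve point with x-coordinate x. Either y will do: e*R and e*(-R)
    share the same x-coordinate, which is all the attack needs."""
    rhs = (x ** 3 + A * x + B) % p
    y = pow(rhs, (p + 1) // 4, p)
    if y * y % p != rhs:
        raise ValueError("%d is not the x-coordinate of a curve point" % x)
    return x, y


def xcoord(pt):
    return pt[0]


# Public constants. Q is any point (prime order, so every point generates).
Q = lift_x(next(x for x in range(1, p) if legendre(x ** 3 + A * x + B) == 1))
E_SECRET = 42          # the designer's trapdoor; assumption: 1 < e < N
P = mul(E_SECRET, Q)   # published alongside Q, secretly P = e*Q


def generate(seed, count):
    """Simplified Dual_EC_DRBG. From state s emit r = x(s*Q), then s <- x(s*P).
    (SP 800-90 advances the state before emitting; that only relabels which
    value is called the state.) seed must be in 1..p-1."""
    s, out = seed, []
    for _ in range(count):
        out.append(xcoord(mul(s, Q)))
        s = xcoord(mul(s, P))
    return out


def recover_state(r, e):
    """Knowing e turns one output r = x(s*Q) into the generator's next state:
    e*(s*Q) = s*(e*Q) = s*P, whose x-coordinate is exactly what the generator
    stores next. Without e this would need a discrete log on the curve."""
    return xcoord(mul(e, lift_x(r)))


def predict(r, e, count):
    """From a single observed output, produce the next `count` outputs."""
    return generate(recover_state(r, e), count)


if __name__ == "__main__":
    observed = generate(57, 6)
    print("curve order", N, "outputs", observed)
    print("predicted from outputs[0]:", predict(observed[0], E_SECRET, 5))
```

The point of the design is in `recover_state`: nothing about the output stream distinguishes a backdoored (P, Q) pair from an honest one, because the output is still x-coordinates of random-looking curve points; the only difference is whether someone, somewhere, knows e. That is why the missing provenance of the standard's P and Q constants, rather than any statistical test, is the thing to worry about.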
I know someone who was at the NIST RNG workshop at which the algorithm was first presented, and his view is that it wasn't that someone was deliberately pushing an algorithm which they knew to be flawed. Rather, it was a case of having overindulged in the "elliptic curves are good" Kool-Aid.
Yep. Remember, that the result isn't really random is the canonical problem with RNGs. Occam says your first guess when something exhibits a canonical problem is one of the canonical causes: in this case, bad math.