Many procedures use a random session key to encrypt the body of the message. If this key
is ever compromised - because the random numbers are predictable or can be manipulated before
being generated -
an opponent who has had access to your encrypted messages can decipher them at his leisure.
Never use the standard VB6 Rnd()
or C stdlib rand()
functions to generate your keys!
For more examples of potential problems see [GUTM]
and [KELS98].
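The contrast described above, as an added example that is not part of the original page: a 128-bit session key built from rand() is fully determined by its seed, while one read from the operating system's random source is not. The function names, the 16-byte key length, the seed value and the use of /dev/urandom (a Unix-like system) are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16

/* WEAK: every key byte is a function of the seed alone, so a guessed seed regenerates the key. */
void weak_session_key(unsigned int seed, unsigned char key[KEY_LEN])
{
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++)
        key[i] = (unsigned char)(rand() & 0xFF);
}

/* Hardened: take the key bytes from the kernel's random source.
 * Returns 0 on success, -1 on failure; on failure the key must not be used. */
int secure_session_key(unsigned char key[KEY_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(key, 1, KEY_LEN, f);
    fclose(f);
    return got == KEY_LEN ? 0 : -1;
}

/* Returns 1 if the weak generator yields the same key twice for one seed. */
int weak_key_repeats(unsigned int seed)
{
    unsigned char a[KEY_LEN], b[KEY_LEN];
    weak_session_key(seed, a);
    weak_session_key(seed, b);
    return memcmp(a, b, KEY_LEN) == 0;
}

/* Returns 1 if two keys from the OS source differ, 0 if equal, -1 on error. */
int secure_keys_differ(void)
{
    unsigned char a[KEY_LEN], b[KEY_LEN];
    if (secure_session_key(a) != 0 || secure_session_key(b) != 0)
        return -1;
    return memcmp(a, b, KEY_LEN) != 0;
}

int main(void)
{
    /* 1234u is a constructed seed chosen only for the demonstration. */
    printf("weak repeats=%d os keys differ=%d\n", weak_key_repeats(1234u), secure_keys_differ());
    return 0;
}
```

On Windows the same role is filled by the system random number API, for example BCryptGenRandom, rather than /dev/urandom.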