An old vulnerability in a pseudorandom number generator called ANSI X9.31 is used in a lot of government certified products. The TL;DR is that this ANSI generator really sucks, and is easy to misuse. When its misused as it has been some very bad things can happen to the cryptography that relies on it. An attacker could learn only a single 16-byte raw output block (Ri) from a working PRG, she could do the following: (1) guess the timestamp T, (2) work backwards (decrypting) in order to recover the corresponding state value V, and now (3) run the generator forwards or backwards (with guesses for T) to obtain every previous and subsequent output of the generator.”]
Source: https://blog.cryptographyengineering.com/2017/10/23/attack-of-the-week-duhk/

