If you’re interested in computer science, have you ever looked at the Software Foundations course by UPenn? It follows a similar approach of having you build all sorts of fascinating math principles and constructions from the ground up. But then it keeps going, all the way up to formal methods of software analysis and verification.
I don’t think RNG or modular math were really the culprits here. PuTTY’s k value generation is deterministic and the biasing was caused by a mismatch of integer sizes and the resulting leading zeros. The offending operation is named mod, so that’s related to modular arithmetic, but the modulo (521 bits) was bigger than the SHA512 output (512 bits) from deterministic k generation. I linked earlier to a post where I break this down at the source code level.
I did a bit of a deep dive into this, in case anyone is interested. I think reading the code is a great way to understand _why_ this vulnerability happened:
I never got diagnosed with COVID, but I was almost certainly exposed. Mine developed suddenly during one of the early peaks in 2020. Unfortunately I was also producing music at the time with headphones, which I've considered the likely cause. But who knows -- maybe it was a combo of things. My stress was through the roof, I wasn't sleeping much, I put on a lot of weight, and I was exposing my ears to moderately loud sounds. Suddenly my brain just decided to keep looping a tone indefinitely.
At least treatments are starting to come out. It's nice to know that there is relief if I ever need it.
https://softwarefoundations.cis.upenn.edu/