We were very careful: we did not intercept any traffic, we did not sniff any networks ... We went to databases that contained public information and downloaded public keys.
The fact is, if these numbers had the entropy that they were supposed to have, the probability of even one of these events happening in 7 million public keys would be vanishingly small.
The lack of sophistication of our methods and findings make it hard for us to believe that what we have presented is new, in particular to agencies and parties that are known for their curiosity in such matters.
Our only conclusion is that there is not just one cause for all of these problems ... This leads to our conclusion that unless you can totally trust your random number generator, RSA is not a good algorithm to choose.
If you have a collision, you only affect one other person. You can hurt them and they can hurt you, but you haven't made it public to everybody and their mother.
Embedded devices have a history of problems in generating entropy for keys ... We're seeing the same embedded devices from the same manufacturer generating the same primes.
If you can programme events at a molecular level in cells, you can cure or kill cells which are sick or in trouble and leave the other ones intact. You cannot do this with electronics.