Many thanks for your comprehensive answer!
It seems, as I've found in the last couple of hours, that the use of faulty PSRNGs might pose a threat, maybe significant enough to drive the price further down.
The unfolding story is here:
https://bitcointalk.org/index.php?topic=107172.msg8939173#msg8939173 I hope you'll find it interesting enough to consider including it in your great work (I'm closely following your posts) that you're doing on studying/documenting the whole ecosystem.
Thanks for the link and the compliment!
As I understood it, those Hyena guys claim that many wallet tools use PSRNGs that generate less than the required 2^160 bits of entropy. They claim that the entropy is low enough that the chance of a collision is not negligible; and they have set up a lot of disk and computing power to catch such collisions.
I doubt whether good PSRNGs, correctly implemented and used, have such a low entropy. However, the probability of coding errors makes the project more plausible. In conditional probability notation:
P(security broken) =
P(software is correct) * P(security broken IF software is correct) +
P(software is buggy) * P(security broken IF software is buggy)
A strong cryptographic method only ensures that the factor P(security broken IF software is correct) in the first term is astronomically small. However, the factors P(software is buggy) and P(security broken IF software is buggy) are large enough to matter. For bitcoin, empirically, the second term may be on the order of 1 in 10'000 or more, and is unlikely to decrease. (As time passes, the best implementations may get somewhat more secure; but the number of implementations will grow, so there will be fewer competent eyes checking each of them, and reports of coin theft will get less attention.) Thus, P(security broken) should be large enough to notice, and will not be improved by switching to 512 bit keys or whatever.
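To put numbers on the two claims discussed in this thread (that a PRNG with too little entropy makes key collisions non-negligible, and that the overall break probability is a weighted sum over "software correct" and "software buggy"), here is an added Python example. It is not code from either poster; it assumes the standard birthday-bound approximation over a uniformly distributed key space, and the example probabilities fed to the total-probability formula are constructed illustrations, not measurements.

```python
import math


def collision_probability(num_keys: int, entropy_bits: int) -> float:
    """Birthday-bound approximation: probability that at least two of
    `num_keys` independently generated keys coincide when each key is
    drawn uniformly from a space of 2**entropy_bits values.

    P(collision) ~= 1 - exp(-n^2 / 2^(k+1))
    expm1 keeps precision when the exponent is tiny (e.g. 160-bit keys).
    """
    exponent = (num_keys * num_keys) / float(2 ** (entropy_bits + 1))
    return -math.expm1(-exponent)


def keys_for_collision_probability(target_prob: float, entropy_bits: int) -> float:
    """Invert the birthday bound: how many keys must exist before a
    collision reaches `target_prob`?  n = sqrt(-2^(k+1) * ln(1 - p))."""
    return math.sqrt(-float(2 ** (entropy_bits + 1)) * math.log1p(-target_prob))


def p_security_broken(p_buggy: float,
                      p_broken_if_correct: float,
                      p_broken_if_buggy: float) -> float:
    """Law of total probability, in the symbols of the post above:
    P(broken) = P(correct)*P(broken|correct) + P(buggy)*P(broken|buggy)."""
    p_correct = 1.0 - p_buggy
    return p_correct * p_broken_if_correct + p_buggy * p_broken_if_buggy


def entropy_table(num_keys: int, bit_levels):
    """Collision probability for one population of keys at several
    effective entropy levels; returns [(bits, probability), ...]."""
    return [(bits, collision_probability(num_keys, bits)) for bits in bit_levels]


if __name__ == "__main__":
    # Constructed scenario: one billion keys in existence, generated by
    # wallets whose PRNG really delivers the stated number of entropy bits.
    keys_in_existence = 10 ** 9
    print("effective entropy bits -> P(some two keys collide)")
    for bits, prob in entropy_table(keys_in_existence, (160, 128, 64, 48, 32)):
        print(f"  {bits:>3} bits : {prob:.3e}")

    # How many keys until a 50% collision chance, per entropy level?
    for bits in (160, 64, 32):
        n = keys_for_collision_probability(0.5, bits)
        print(f"  50% collision after ~{n:.3e} keys at {bits} bits")

    # Constructed illustration of the total-probability argument: even if
    # the cryptography is flawless, a modest bug rate dominates the total.
    p_total = p_security_broken(p_buggy=0.01,
                                p_broken_if_correct=1e-40,
                                p_broken_if_buggy=0.5)
    print(f"P(security broken) with 1% bug rate: {p_total:.3e}")
```

The first table is the point the Hyena claim rests on: at 160 effective bits a billion keys have a collision probability far below anything worth storing, but once a seed source or PRNG reduces effective entropy to a few dozen bits, the same population collides almost surely. The last line shows why the post argues that key length is not the lever: the `p_buggy * p_broken_if_buggy` term swamps the cryptographic term regardless of how small the latter is made.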