A PRNG is an algorithm that generates a sequence of numbers that appears to be random but is, in fact, entirely deterministic. Given the same initial starting value, known as the "seed," a PRNG will always produce the exact same sequence of numbers.

PRNGs are not truly random; they generate sequences based on a mathematical formula. Their "randomness" is an illusion created by the sequence being difficult to predict without knowing the seed, and by satisfying various statistical tests for randomness.

For cryptographic applications, a special class of PRNGs, known as Cryptographically Secure Pseudo-Random Number Generators (CSPRNGs), is absolutely essential. CSPRNGs have additional, more stringent properties vital for security:
- Unpredictability (Next-Bit Predictability): It must be computationally infeasible for an adversary to predict the next number in the sequence, even if they know all previous numbers in the sequence.
- Backward Secrecy (Seed Compromise Resistance): It must be computationally infeasible to determine the original seed value (or previous states of the generator) by observing any part of the generated sequence. This means that if the state of the PRNG is compromised at one point in time, it should not allow an attacker to determine numbers generated before the compromise.
- Non-Repeatability: The sequence generated should be very long before it repeats, and the period should be unknown to an attacker.

Key Generation: This is arguably the most vital application. All cryptographic keys—whether symmetric keys (for AES, DES), private keys for asymmetric systems (RSA, DH), or ephemeral session keys—must be generated with a high degree of randomness. If an adversary can guess, predict, or deduce the keys due to a weak or improperly seeded PRNG, all confidentiality, integrity, and authentication provided by the cryptographic system are immediately nullified. For instance, if RSA private keys are generated using a predictable PRNG, an attacker could potentially regenerate the same key pairs and impersonate users.
- Nonces (Numbers Used Once): Random or pseudo-random "nonces" are used extensively in cryptographic protocols (e.g., TLS handshakes, authentication protocols). A nonce is a number that is used only once in a specific context. Their unpredictability prevents "replay attacks" (where an attacker re-sends a legitimate, previously recorded message to trick a system) and ensures the freshness of a cryptographic exchange.
- Initialization Vectors (IVs): In many block cipher modes of operation (e.g., AES-CBC, AES-CTR), an Initialization Vector (IV) is used to ensure that identical plaintext blocks encrypt to different ciphertext blocks. This is crucial for hiding patterns in the plaintext. For security, IVs should typically be unpredictable and unique for each encryption operation. A weak or repeating IV can expose the system to various attacks.
- Salts for Password Hashing: When hashing passwords, a unique, randomly generated "salt" is combined with the password before hashing. This salt must be generated using a CSPRNG. It protects against pre-computed rainbow table attacks and ensures that identical passwords result in different stored hashes, even if multiple users choose the same password.
- Padding in Cryptographic Schemes: Some encryption modes or signature schemes require random padding to ensure messages are of certain lengths or to add additional unpredictability.

Compromise of Confidentiality: Predictable keys mean an attacker can decrypt messages without authorization.
- Forgery of Digital Signatures: If the private key generation or signing process relies on a weak PRNG, an attacker might be able to derive the private key or forge signatures.
- Replay Attacks: Predictable nonces allow an attacker to reuse old messages to impersonate users or manipulate systems.
- Vulnerability to Traffic Analysis: Predictable IVs or other random inputs can reveal patterns in encrypted traffic, potentially exposing information about the plaintext.