Beautiful looking site Mike and great domain name
Can you elaborate on the problem with randomness for us non-geeks? What is the issue with how other "address generators" generate addresses?
Is it a security risk?
Yes, there is a serious security problem when generating bitcoin addresses using pseudorandom numbers.
For short (technical) answer: Pseudorandom numbers have very small entropy (equal to size of the seed) and can be easily guessed.
Longer elaborate answer:
To make sure your BTC are secure you have to store them on address created with strongly random private key.
The more random private key is - the harder it is to guess it.
To make it the most secure - it has to be generate from truly random sequence of bits.
Random numbers created inside a computer are not really random and shouldn't be used inside programs with critical security (see:
https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography).
Random numbers inside computer are created using simple mathematical equations that provide a sequence of numbers that looks random, but can be easily guessed by just looking at one or two number from a sequence (commonly used mechanism is:
https://en.wikipedia.org/wiki/Linear_congruential_generator).
Let's make an simplified example of how this sequences of PSEUDOrandom numbers are created:
Let's try to make sequence of one-digit pseudorandom numbers (usually sequences have 13-digit numbers or more):
We'll start with x=5 and use formula next_x = (x*7 +3) %10. (%10 means: "take last digit")
The first number in sequence is choosen to be 5, the second is then:
(5*7+3)%10 = 8. The third is
(8*7+3)%10 = 9. The next digit is:
(9*7+3)%10 = 6, and so on (it starts to repeat).
The sequence 5, 8, 9, 6 look like it's 4 random digits, but if you know formula how they are created (and formulas are well known), all you need to know is that you started from 5, the rest can be calculated.
So, if you use numbers from sequence of pseudorandom numbers, even if sequence is milliion digits long, you just need to know one or two digits to be able to calculate all of them.
So if you create 1000 bitcoin addresses in one go on you computer, someone could guess a few numbers and be able to get bitcoins from all 1000 addresses.
That's why pseudorandom numbers should be replaced with random numbers when creating secure addresses, but normal computer don't have a way to roll a real dice inside - so the randomness has to be provided from humans (for example by randomly shaking your mouse).