HASH is a cryptographic hash function, such as SHA-2. Such a failure in random number generation caused users of Android Bitcoin Wallet to lose their funds in August 2013. If not, the signature is invalid. HASH is the same function used in the signature generation. It is not immediately obvious why verification even functions correctly. This allowed hackers to recover private keys, giving them the same control over bitcoin transactions as the legitimate keys’ owners had, using the same exploit that was used to reveal the PS3 signing key on some Android app implementations, which use Java and rely on ECDSA to authenticate transactions.
Technical concerns: the difficulty of properly implementing the standard, its slowness, and design flaws which reduce security in insufficiently cautious implementations on the Dual EC DRBG random number generator. Both of those concerns are summarized in the libssh curve25519 introduction.