And the final mistake: They were using HTTP instead of HTTPS
to make the webservice call to random.org. On Jan 4, random.org started
enforcing HTTPS and returning a 301 Permanently Moved error for HTTP - see
https://www.random.org/news/. So since that date, the entropy has actually
been the error message (turned into bytes) instead of the expected 256-bit number.
This is so ridiculous I'm not sure if I should cry or laugh...
