by ricket 4146 days ago
So the server always sends the same plaintext (the private key of the bitcoin wallet), encrypted presumably by the same cipher but each time with a different symmetric key of course (negotiated by the handshake). It seems (naively, I'm sure) like this is a weakness, like you could collect a bunch of the encrypted samples, and then use the fact that they are all from the same plaintext in order to figure out what the plaintext is. How many samples would it take before you could deduce the key?
1 comments

In theory, a block cipher is broken if an attacker can even tell the difference between application of the cipher and of a random permutation, different for each possible key, more efficiently than brute force (i.e. trying every possible key). Since encrypting the same plaintext with a bunch of different random permutations would not help an attacker recover it, I believe an attack like you describe would not be possible without breaking AES.
A weak RNG may create an opportunity for successful cryptanalysis. This can especially be a problem on virtual hardware/platforms that don't have a mechanism for keeping a good random seed, and have predictable hardware events, et cetera.
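Added worked example, not part of the thread above, covering both replies: the questioner's scenario (the same plaintext sent under a fresh session key every time) and the weak-RNG caveat. It uses AES-256-GCM from the Go standard library as a stand-in for the TLS record cipher, a constructed 32-byte string as a stand-in for the wallet private key, and a hypothetical weakSessionKey that models a server deriving its session key from math/rand seeded with a low-entropy value such as a timestamp. The seed range the attacker searches is an assumption for the demo. With independent keys the XOR of any two captured ciphertexts has no structure (bit bias near 0.5); when key and nonce repeat the XOR is all zeros; and when the key comes from a guessable seed, one captured sample is enough to recover it by trying seeds until the GCM tag verifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math/bits"
	mrand "math/rand"
)

// Constructed stand-in for the wallet private key the server keeps resending.
// 32 arbitrary bytes; not a real key.
var walletKey = []byte("constructed-sample-private-key!!")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts plaintext with AES-256-GCM under key and a 12-byte nonce,
// returning nonce || ciphertext || tag (the shape of one captured record).
func sealGCM(key, nonce, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, nonce...), aead.Seal(nil, nonce, plaintext, nil)...), nil
}

// openGCM reverses sealGCM; it fails unless key is right, because the GCM tag
// does not verify under any other key.
func openGCM(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed message too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// randomBytes draws n bytes from the OS CSPRNG, as a sound handshake does.
func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// weakSessionKey (hypothetical) models a key derived from a PRNG seeded with a
// low-entropy value such as a boot timestamp: the same seed gives the same key.
func weakSessionKey(seed int64) []byte {
	r := mrand.New(mrand.NewSource(seed))
	key := make([]byte, 32)
	for i := 0; i < len(key); i += 8 {
		binary.BigEndian.PutUint64(key[i:], r.Uint64())
	}
	return key
}

// collectSamples encrypts walletKey n times, each under a fresh random key and
// nonce: what the questioner's eavesdropper would capture across n sessions.
func collectSamples(n int) ([][]byte, error) {
	out := make([][]byte, 0, n)
	for i := 0; i < n; i++ {
		kn, err := randomBytes(32 + 12) // 32-byte key followed by 12-byte nonce
		if err != nil {
			return nil, err
		}
		s, err := sealGCM(kn[:32], kn[32:], walletKey)
		if err != nil {
			return nil, err
		}
		out = append(out, s)
	}
	return out, nil
}

// xorBias is the fraction of set bits in a XOR b over consecutive sample pairs.
// Independent keys give about 0.5 (nothing shared to exploit); a reused key and
// nonce give identical ciphertexts, so the XOR is all zeros and the bias is 0.
func xorBias(samples [][]byte) float64 {
	ones, total := 0, 0
	for i := 1; i < len(samples); i++ {
		a, b := samples[i-1], samples[i]
		for j := 0; j < len(a) && j < len(b); j++ {
			ones += bits.OnesCount8(a[j] ^ b[j])
			total += 8
		}
	}
	if total == 0 {
		return 0
	}
	return float64(ones) / float64(total)
}

// recoverFromWeakRNG is the attacker: knowing the key came from weakSessionKey
// with a seed in [lo, hi), try every seed until the tag verifies.
func recoverFromWeakRNG(sealed []byte, lo, hi int64) (int64, []byte, error) {
	for seed := lo; seed < hi; seed++ {
		if pt, err := openGCM(weakSessionKey(seed), sealed); err == nil {
			return seed, pt, nil
		}
	}
	return 0, nil, errors.New("seed not found in range")
}

func main() {
	samples, err := collectSamples(200)
	if err != nil {
		panic(err)
	}
	fmt.Printf("strong keys: %d samples, XOR bit bias %.3f\n", len(samples), xorBias(samples))
	nonce, _ := randomBytes(12)
	sealed, _ := sealGCM(weakSessionKey(1700000042), nonce, walletKey) // assumed seed
	seed, pt, err := recoverFromWeakRNG(sealed, 1700000000, 1700001000)
	fmt.Printf("weak RNG: seed=%d err=%v recovered=%q\n", seed, err, pt)
}
```

The brute force succeeds only because the seed space is small; with 32 bytes from the OS CSPRNG there is no seed to enumerate, and collecting more samples does not help, which is the point of the first reply. On a real TLS capture the attacker would recognise a correct guess the same way, by a record MAC or tag verifying, rather than by eyeballing the plaintext.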