Nobody trusted Dual_EC_DRBG despite its NIST accreditation. It was always obviously weird to experts, and it wasn't simple and performant enough for non-experts.
The reason it was enabled in some systems is 1. libraries (like openssl and ffmpeg) used to implement and ship every algorithm on Earth for pride reasons 2. NSA bribed RSA BSafe to make it the default.
The reason it was enabled in some systems is 1. libraries (like openssl and ffmpeg) used to implement and ship every algorithm on Earth for pride reasons 2. NSA bribed RSA BSafe to make it the default.
You don't have a solution for #2.