Accepted, entirely, but if "noisy diodes" are all you need for quantum entropy, why are designs for OSHW entropy generators so scarce? I suggested smoke alarms not through radioactivity-fetishism but because of ubiquity and low cost, likely low difficulty to adapt. Jon Callas wrote: Be aware in all of this of the Heisenberg-Schödinger Credulity Effect. That effe ct is that the word "quantum" sucks people's brains out, and otherwise sensible people suffer from impaired reasoning. It is certainly true that radioactivity is a random effect, and is quantum in na ture. That does not mean that in order for a random sampling to be quantum, it m ust be based on radioactivity; there are other quantum sources of randomness. No isy diodes, resister noise, CCD noise, etc. are all quantum. If you want to get picky, *all* physical effects are quantum, even ones that aren't usefully random . There is nothing magic about one physical source or other that makes it more s uited for crypto. Thinking that a hardware source should be radioactive is affir ming the consequence, as well. Not does it mean that a radioactive (or other) source is suitable for cryptograp hy without some sort of conditioning. Hardware sources are often biased in distribution, or have other numeric flaws that can be fixed with a whitening fun ction. In short, radioactivity is neither necessary nor sufficient for cryptographic us e. If you want to use a source for crypto, you want to run it through a system l ike /dev/random or at the very least a DRBG to give clean outputs. Furthermore, what we really want in crypto is what I call "unguessability." This is both weaker than true randomness and stronger. It's stronger in that the num bers have to remain secret. A completely random process that everyone knows is c ompletely unsuitable for crypto, but a weakly entropic input can be jiggered int o suitability. To sum up -- don't get wrapped around the axle about radioactivity. It's not the only random process in the universe, and you have to do a lot of work once you have it. The sort of work that you need to do is precisely what a well-done OSRN G does. Jon -- Sent from my Android device with K-9 Mail. Please excuse my brevity.