On this same track, I suggest that "/dev/random" devices for Unix are an excellent idea. Ted Ts'o did one for Linux that steals all the bits of semi-random timing information it can. Such a driver has the feature that it can be plugged into either a software pseudodriver or a hardware device if one is available.

John Gilmore writes:
Do we know any solid state physics / circuit design experts who think this might be a fun thing to do? I bet you could get a paper out of it. And probably improve the world a few years later, when companies used your paper to close another hole in their computer security.
There are companies that sell hardware RNGs -- Newbridge, for instance -- but they charge an arm and a leg for them. There is also a company that I got literature from that sells RS232 interfaceable radiation detectors, which I have thought about using for this purpose, but they are also way too expensive. As you say, what one really needs is something that fits in a small section of a chip. Unfortunately, this stuff is very delicate analog -- not the usual thing you find in standard cell -- and very easy to screw up.
PS: It's possible that NSA collusion with chip-makers could produce bad pseudo-random-number generators in popular chips, giving NSA a back-door into any algorithm that used them. This would be harder to detect than poor software random number generators, since it requires prying the lid off the chip, getting out your microscope, and reverse-engineering the circuit, instead of just disassembling the software. In this sense, NSA ought to be *encouraging* Intel and IBM and Motorola to put "generate random bits" instructions into their instruction sets...
An interesting concept! Perry
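To make the two points above concrete (a pool that steals semi-random timing bits, and a hardware source that is mixed in but never trusted on its own, so a dishonest chip cannot unlock or steer the output), here is an added example; it is not Ted Ts'o's driver or any real /dev/random code, and the source names, the per-sample credit values and the 256-bit cap are assumptions.

```python
import hashlib
import os
import time

def timing_source() -> bytes:
    # Low bits of a high-resolution clock: cheap, semi-random, credited low.
    return (time.perf_counter_ns() & 0xFFFF).to_bytes(2, "big")

def hardware_source() -> bytes:
    # Stand-in for a hardware RNG register (assumption: os.urandom plays that role).
    return os.urandom(8)

class EntropyPool:
    """Mix many weak inputs irreversibly; derive output from the whole pool."""
    def __init__(self, sources):
        # sources: list of (name, callable returning bytes, bits credited per sample)
        self.sources = sources
        self.state = hashlib.sha256(b"pool-init").digest()
        self.credited_bits = 0

    def stir(self, data: bytes, bits: int) -> None:
        # state = H(state || data): a source that controls `data` cannot choose the
        # resulting state without also knowing every other input already mixed in.
        self.state = hashlib.sha256(self.state + data).digest()
        self.credited_bits = min(256, self.credited_bits + bits)

    def gather(self, rounds: int) -> None:
        for _ in range(rounds):
            for name, sample, bits in self.sources:
                self.stir(name.encode() + sample(), bits)

    def read(self, n: int) -> bytes:
        # Blocking /dev/random semantics: refuse until enough credit has been earned.
        if self.credited_bits < 8 * n:
            raise BlockingIOError(f"need {8 * n} bits, have {self.credited_bits}")
        out = b""
        for i in range((n + 31) // 32):
            out += hashlib.sha256(self.state + b"out" + i.to_bytes(4, "big")).digest()
        self.state = hashlib.sha256(self.state + b"advance").digest()  # no rewinding
        self.credited_bits -= 8 * n
        return out[:n]

# The hardware source is mixed in for extra unpredictability but credited 0 bits:
# a back-doored chip then cannot, by itself, make the pool release any output.
DEFAULT_SOURCES = [("clock", timing_source, 1), ("hwrng", hardware_source, 0)]

def random_bytes(n: int, sources=DEFAULT_SOURCES) -> bytes:
    pool = EntropyPool(sources)
    pool.gather(rounds=8 * n)  # 1 credited bit per clock sample covers 8*n bits
    return pool.read(n)
```

The credit figures are deliberately conservative placeholders; a real driver would estimate them from the measured variance of each source.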