I just joined the list (rather loudly, I'm afraid), but I've already seen several writers complain about the quality of RNGs and PRNGs for the purposes of cryptography. PGP stores up keystroke-derived random bits in a file, which has been pointed out as a possible security hole. But requiring random keystrokes every time one wishes to send a message seems an inconvenient tradeoff, to say the least. Someone posted a plan for a Zener diode-based hard RNG on sci.crypt a few weeks ago. I'm not much of a solderer normally, but this seems like a good idea if anyone out there has tried it out and tested the output for nonrandomness. (Of course, ideally we'll have alpha-decay-based RNGs --guaranteed random by the laws of physics-- but I'll settle for thermal noise on the cheap for the moment). Anyone tried these yet? More to the point, does anyone have some code patches for PGP to use a hard RNG preferentially over other random bitstreams? (Yeah, it would be pretty easy, but there's no sense in duplicating effort if we could get something standardized, pretty and portable agreed on.) Joe P.S. Sorry about the wasted bandwidth last week. My fingers were moving faster than my brain, but I should have recognized this address as a probable mailing list. Thanks to all who politely directed me to the -request address.