I've been looking at using the Mac's Sound Input Manager for hardware RNG. The advantage of it is that (1) most macs have a microphone port these days, (2) it doesn't involve any user interaction, (3) the API is easy. What I don't know, is how secure it is. Or more precisely, I don't know how much entropy is contained in the signal. In the simplest case, where the microphone is not attached, the signal consists of long runs of '0x80's alternating with '0x7f's. Now, I have no problem transforming this into uniformly distributed RN's : just hash the buffer with MD5. My question is, how many bytes get fed into the hash? Obviously, enough bytes so that I have 128 bits of entropy. Preliminary tests give me a max entropy of about .65 bits per sample byte. That's not very much, but if I can sample at ~20 KHz, that's 1625 bytes per second. That's estimated by recording the length of runs and computing the entropy over the entire sample: i.e. the sum (for k = 1 to 120) of -(fraction of runs of length k * log2 of that fraction). That works out to about 3.3 bits per run with an average run of 5.1 bytes. I suspect there's much less entropy in that signal than even this estimate, but I don't have any way to conduct tests with pure 50 cycle power and uniform ambient temperature. Or whatever else biases the signal. For all I know, every time someone in this building starts his microwave it biases the signal. Does anybody have any experience/advice in this area? -- Thank you VERY much! You'll be getting a Handsome Simulfax Copy of your OWN words in the mail soon (and My Reply). <Andrew.Spring@ping.be> PGP Print: 0529 C9AF 613E 9E49 378E 54CD E232 DF96 Thank you for question, exit left to Funway.