market for hardware RNG?
I'm considering building a PCB to make a hardware random number generator. My first impression is that it will consist of a reverse-biased zener (for a broadband source of uncorrelated white noise) driving one of those one-chip FM receivers, with the audio output driving an 8-10 bit flash A/D converter. Fairly simple.

For cryptologic applications, the output would have to be hashed down to a somewhat smaller output of bits since not all outputs are equally probable, but I suppose after such massaging it could produce at least 2 bits of randomness per sample at 10 kilosamples per second or so, possibly much more with a wideband receiver chip.

But on thinking about this a little more, I began to wonder if anybody really wants this. Pessimistically, it occurs to me that:

1. Many if not most people don't even understand why a hardware RNG is desirable.
2. Users of programs like PGP today already get at least a fairly decent RNG already. Would they want better? (I'm not suggesting a total replacement; I assume that the output of any hardware RNG would be hashed with more "traditional" PC sources, like disk timings, keyboard timings, etc, which should deter attempts to attack just the hardware part.)
3. Even hardware RNGs aren't "perfect": they could be subverted, replaced, or perhaps influenced. Would someone who was sufficiently sophisticated as to recognize the need for it actually accept a real, functioning device?

On the other hand... if this kind of pessimism had infected Phil Zimmermann before he wrote PGP 1.0, he might have deleted the first 50 lines of code, erased the file, and said, "fuck it!"

Jim Bell
jimbell@pacifier.com
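
The hash-down step described in the message above, as an added example that is not part of the original post or thread. It assumes SHA-256 as the hash, uses constructed Gaussian samples in place of real A/D output, and all function names are hypothetical; the 2 bits per sample credit is the figure from the post.

```python
import hashlib, math, random
from collections import Counter

CREDIT_BITS = 2.0   # conservative per-sample credit, the figure from the post

def min_entropy_per_sample(samples):
    """Most-common-value estimate, H_min = -log2(p_max). Ignores correlation
    between successive samples, so treat it as an upper bound."""
    p_max = Counter(samples).most_common(1)[0][1] / len(samples)
    return -math.log2(p_max)

def samples_needed(bits_per_sample, out_bits=256, safety=2.0):
    """Raw samples to hash per output block, with a margin on the estimate."""
    if bits_per_sample <= 0:
        raise ValueError("source shows no entropy (stuck or disconnected?)")
    return math.ceil(out_bits * safety / bits_per_sample)

def condition(samples, other_sources=b""):
    """Hash 10-bit samples, mixed with other pool input, down to 256 bits."""
    h = hashlib.sha256()          # assumed hash choice, not named in the post
    for s in samples:
        h.update(s.to_bytes(2, "big"))
    h.update(other_sources)       # e.g. disk or keyboard timings
    return h.digest()

def constructed_adc_samples(n, seed=1):
    """Constructed stand-in for the A/D output: Gaussian noise clipped to
    10 bits. Deterministic simulation for the demo, not an entropy source."""
    rng = random.Random(seed)
    return [min(1023, max(0, round(rng.gauss(512, 40)))) for _ in range(n)]

if __name__ == "__main__":
    raw = constructed_adc_samples(50_000)
    measured = min_entropy_per_sample(raw)
    credited = min(measured, CREDIT_BITS)
    n = samples_needed(credited)
    print(f"measured H_min ~ {measured:.2f} bits/sample, credited {credited}")
    print(f"{n} samples per 256-bit output = {n / 10_000 * 1000:.1f} ms at 10 kS/s")
    print(condition(raw[:n], b"constructed timing data").hex())
```

A stuck or disconnected source yields a zero estimate and is rejected rather than silently hashed into output that looks random.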
There are some commercial products worth studying. See <http://rainbow.rmi.net/~comscire/> for one.

/pbp
participants (2)
- jim bell
- Paul Pomes