I've found a few since, too; some I could build right away.

Leading to a n00b question: if you have a custom-built HWRNG, and you *don't need the full output* but just a complementary source of entropy for /dev/random, how would one seed /dev/random with the HWRNG without washing out the good entropy already in /dev/random?

That is, I gather some CSPRNGs can consider relative weights of RNG inputs, seeding the pool more often from some than others, or sanitising some inputs more than others. So my custom-built HWRNG, with possibly not-trustworthy output for crypto usages, would be a nice ancillary input to /dev/random if I could be sure it would be only used to supplement, never to replace, more proven and trustworthy sources.

Bonus question; if I take the direct output of my HWRNG, and use it with a hash function and a long, random seed that is invariant, that should even out the bits of output and help account for fluctuations in true entropy, right? That is:

    mypassphrase = SHA512(b'some long string of high-entropy seed data')
    entropy = HWRNG_READ(64)
    entropy = SHA512(entropy, mypassphrase)
    seed_dev_random(entropy)

On Fri, 18 Oct 2013 09:54:46 +0200 Eugen Leitl <eugen@leitl.org> wrote:
> On Fri, Oct 18, 2013 at 08:16:51AM +0100, Cathal Garvey (Phone) wrote:
> > Accepted, entirely, but if "noisy diodes" are all you need for quantum entropy, why are designs for OSHW entropy generators so scarce?
>
> Are they?
>
> http://www.maximintegrated.com/app-notes/index.mvp/id/3469
>
> This is analog electronics 101. All you have to do is sample that at a sufficient rate on the cheap. That used to be a problem, but no longer is.
>
> > I suggested smoke alarms not through radioactivity-fetishism but because of ubiquity and low cost, likely low difficulty to adapt.
>
> We do not want a dinky little entropy drip. We want a regular firehose. The USB RTL samples at 1.4 MSamples/s. Total parts cost is probably 20 USD, in bulk.
>
> > Why is nobody selling a kit like that?
>
> Because worrying about sufficient entropy in crypto settings is a terribly niche thing. Sadly.
>
> Now try for a decent clock. (Hint: time-nuts. And did you know they use CSACs for IED trigger jamming?).
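
Added example, not part of the original thread: a Python version of the conditioning step from the pseudocode in the message above, plus a model of why mixing a weak source into a hash-based pool supplements what is already there instead of replacing it. HMAC-SHA512 stands in for the two-argument `SHA512(entropy, mypassphrase)`; `ToyPool`, `feed_device`, `stuck_hwrng` and the key string are hypothetical names and constructed values, and the pool is a simplified model, not the kernel's implementation.

```python
import hashlib
import hmac

# Fixed, non-secret conditioning key; a constructed value standing in for the
# post's "long string of high-entropy seed data".
CONDITIONING_KEY = hashlib.sha512(b"constructed example seed string").digest()


def condition(raw: bytes, key: bytes = CONDITIONING_KEY) -> bytes:
    """Whiten raw HWRNG bytes with HMAC-SHA512.

    This evens out bias in the bits but cannot add entropy: the output
    holds at most as much entropy as `raw` did.
    """
    return hmac.new(key, raw, hashlib.sha512).digest()


class ToyPool:
    """Simplified model of a hash-based entropy pool (not the kernel's code)."""

    def __init__(self, initial: bytes):
        self.state = hashlib.sha512(initial).digest()

    def mix(self, data: bytes) -> None:
        # The new state depends on the old state AND the input, so a weak or
        # fully predictable input cannot erase what the pool already holds.
        self.state = hashlib.sha512(self.state + data).digest()


def feed_device(read_hwrng, sink, nbytes: int = 64) -> int:
    """Write conditioned HWRNG output to `sink`, a binary file object.

    On Linux, open('/dev/random', 'wb') is such a sink: a plain write is
    mixed into the pool without raising the kernel's entropy estimate.
    """
    return sink.write(condition(read_hwrng(nbytes)))


def stuck_hwrng(n: int) -> bytes:
    # Constructed worst case: a failed generator that only emits zero bytes.
    return b"\x00" * n
```

Two `ToyPool` instances that start from different states still differ after both mix in the same `stuck_hwrng` output, which is the "supplement, never replace" property the question asks for.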