2013/10/18 James A. Donald <jamesd@echeque.com>
You can, however, be sure a microphone input is a reliable source of entropy, since fake entropy would interfere with its microphone function.
This is a syntatic non sequitur. Why would fake entropy interfere with a microphone's function? How is the microphone guaranteed to have "its microphone function"? Is a microphone input just the microphone's jack or an actual soundwave-modulated-magnetic-power-factor? In either case it's also a semantic non sequitor. If someone plays a darn loud sine wave in the serverroom you can be sure the microphone will replicate it. It'd be doable to make any microphone always output it's maximum value, through a plenty of means. The sad thing is that it's sound, so it might even be doable at distance! (scenario: people breaking into a running-but-physically-controlled server through manipulation of it's random numbers) I think an internal radioactive source such as a smoke alarm makes great sense. Be wary to isolate it very well to prevent outside interference. If it just goes to MAXINT if someone holds his cube of madam curie next to the server's case it'd be a shame. @Jim Bell: wouldn't such a ring oscillator aggregate be subject to patterns? If you have something that can create more out of fewer pieces of randomness, isn't there plenty bad-randomness-sources to go on? @Jon Callas: How is this random generator affected by CPU Interrupts? It seems to be a feature added for "more randomness", but given interrupts are far from guaranteed (especially in problematic systems) you cannot depend upon them. Especially because random numbers are harder on smaller systems I'm not sure I'd call this solution elegant. I believe stir-back is not always possible but a very strong feature. If you can always stir-back, can't you always generate something fairly random by simulating a x-times-stir-back? If you can't, how can you trust your stir-backs to be spaced enough for your -x-times-stir-back to not happen anyway? Lastly I feel your way of dealing with the pool-distiller model is finicky. If you hash a pool your hash will be able to fold onto itself very often and bits of entropy in different places can have different effects. You're placing an unusual amount of faith in your hash function on it being perfect. Diffusion with a partially known sourcetext is very, very murky business. And with predictable data going into your pool you're essentially creating a probably partially known plaintext. That's complex, and that'll do you good, but it is not the kind of nice randomness you'd go for. A suggestion I'd like to make is a laser & light strength measurement unit. Neatly self contained and accurate enough it can measure the bending of spacetime itself. I suppose anything even nearly that accurate will measure it's direct environment's noise so well it all doesn't matter anyway. Something like Delta(cpu_magneticness_mid_cycle) would do wonders. Anything dependent on the activity of the computer itself gives problems with people manipulating what the computer is doing. More rough it could measure minute changes in the movement and heat of flowing air. wow this became a lot longer than I expected.