A better random generator :-)?

OK... Take 128 little plastic cubes and take 128 little Ultra-sonic microphonic transducers, and take 128 little spark gap point sets.

Apply sequenced HV (which you could also 'randomize')and when each spark gap box fires, a computer examines the US (ultrasonic) signature of the spark impact, or a sonic snapshot within a live event window therein, and creates "a word" (of whatever length). 128 of those can create a pretty big random number and there would never be a repeat.

Or have it splash against something like Palladium (in a brass can) and examine the X-Ray event signature, instead of acoustics.

The word for today is

Bubble Sort

In that case just use RC-4. It is no longer state of the art for crypto but it has a massive period, and excellent statistical properties. Some specific tests for RC-4 can detect it in in a few dozen megabytes of output but the general statistical tests will never detect it.

Too much work. Take a random webcam image and nab a million RGB pixel amplitudes, and digitally scramble the numbers. That's as random as things get. Your monitor may have the camera built-in.

The Intel Random Number Generator looks pretty good:

Here is an implementation guide:

If you are paranoid, you can read this:

Linus Torvalds thinks it's fine:

as does Cryptography Research:

Bruce Schneier doesn't trust it unless it is followed by strong software PRNG:

FreeBSD won't use it:

If you don't trust it, you can make your own:

I think that one can do a good random number generator with an FPGA. One way is to build a bunch of async ring oscillators (ignore all the compiler warnings!) and post scramble.

One could do some fun things using some i/o pins, especially if some (preferably cheap ceramic) external capacitors are added from pins to ground, or to Vcc. Build some analog one-shots, and measure their times with a fast clock. Fun chaotic variations are possible.

Hey, one could create a block of clocked logic whose sole purpose is to heat up the chip. Cycle that on and off pseudo-randomly, and let that change the prop delays of the ring oscillators or one-shots. The temperature could also be tweaked closed-loop to cause a metastability somewhere. Interesting control loop. That could probably be done in several different regions on-chip.

One could do the regional heating thing as animation and thermal image the chip. An animated worm or pinwheel or something.

However, the detectors can all be easily compromised by external factors. If you're looking for spook-level randomness, none of this will cut it without a *lot* more work.

I disagree. A zener diode isn't easily spooked. An LED and a photodetector will make either random pulses or gaussian noise, based on quantum photon statistics.

I like the CCD idea. A webcam gives you get millions of physically-based random number generators for about $10. You can even use somebody else's webcam.

HAIPE encryption modules do a pretty good job...

One problem with the FPGA is crosstalk. This could cause the RNG to lock to some undesired pattern, especially if a particular combination of data is going through the FPGA. It would be difficult to prove it is not happening. I like the metastability idea. Set a D-Flop as a divide-by-2 with a resistor in series with the !Q and a large cap from D to ground. Clock at a high frequency so the ripple is in picovolts or less and watch the Q output. Add a second stage to clear the metastability and viola. The least expensive hardware random number generator ever.

And no way the NSA could put in a back door!

Terry Ritter has been dealing with RNG's for a long time. His web page is

He has investigated various methods, such as zener, FM IF noise, etc.

He studied junction noise:

He shows the autocorrelation and histogram of some noise sources:

The impression I get is it is possible to get reasonable results, but you have to work at it, and develop the software needed to analyze the results. You can't just say 'I did a XXX noise generator' and assume it is good enough. You have to measure it and prove it is working properly.

Yes, this is *far* more difficult than Larkin pretends. Keeping the RNG that way is just as difficult. It's hard enough that when I was doing crypto hardware at IBM that we punted the RNG to the customer. There was no way we could make (and prove) even a 56b, much less double or triple that, random number. Those that studied the problem found that human intervention was about as good as you could get, reliably (at a bit or two per).

Irrelevant.

I've run Terry Ritter into him before. You might note that the 'noise' source he uses is a voltage reference. He says thats because the noise level is 'specified' - unfortunately the noise level is also minimized. Also note that he hasn't managed to get a level frequency response or anything else (electronically) worth while. We would agree that it is possible to do, but you need to test the results - but that is about all

Yes, KiethkeithStain... suddenly... again... you are.

You had damned near made it out too.

Oh... That's right... You gotta get in to get out...

Can't help it if you can't read or understand. Never could, DimBulb.

Zener diode, highpass amp, comparator, shift-register scrambler. Do that a bunch of times and XOR the results. It is easy.

How do you prove it.

That is a far more difficult problem.

Sure, crypto-level proofs are a lot of computing. I have no doubt that the thing I suggested would pass any correct tests.

Heck, even a perfectly random bit stream will occasionally fail a test for randomness. Monkeys and typewriters thing.

Confidence is not the issue. Unless you have the equipment and have made the measurements, your claim has no value.

Show us the tests you have made and the results.