I see a few people mentioning applications of this in cryptography and I feel that this is harmful.<p>You do <i>not</i> need exotic hardware to collect entropy to generate crypto keys. You need a correctly designed cryptographically secure PRNG which has had time to accumulate 100 or so bits of entropy (i.e., unknowability to the attacker). It's nice if it can be freshened every now and then with more entropy, but that really only should make a difference if you lose a backup tape and by some miracle the private key wasn't on there already. After it's warmed up, it should never need to block due to 'depleted entropy'. No one has ever broken such a CSPRNG. This is how the OpenSSL, OpenBSD, and FreeBSD /dev/randoms work.<p>On the other hand, what does tend to get broken regularly are overcomplicated and overengineered RNGs like this beast.<p>The one on the new Intel chips is handy, but it's largely overkill. We only need 100 bits now and then, not a steady rate at Gb/s (which can shut off abruptly when an attacker sharing your cloud hardware node decides to starve you of them). It's also not something that we can review for backdoors, so we should be reluctant to use it as the sole source of entropy.<p>A quantum vacuum random server is great like the way an internet-connected coffee pot is great. Fun, but not useful in production.
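The seed-once design described in the comment above, as an added example that is not part of the thread: a generator that takes one unguessable seed, never blocks afterwards, and accepts optional freshening. It follows the HMAC_DRBG update and generate steps from NIST SP 800-90A with SHA-256, leaving out the reseed counter and personalization inputs; the names `HmacDrbg`, `MIN_SEED_BYTES` and `demo` are illustrative, and applications would normally read the operating system's CSPRNG rather than carry their own.

```python
import hashlib
import hmac
import os

MIN_SEED_BYTES = 16  # 128 bits, above the "100 or so bits" the comment asks for


class HmacDrbg:
    """Seed-once generator using the HMAC_DRBG update/generate steps (SHA-256)."""

    def __init__(self, seed: bytes):
        if len(seed) < MIN_SEED_BYTES:
            raise ValueError("seed too short to be unguessable")
        self._key = b"\x00" * 32
        self._val = b"\x01" * 32
        self._update(seed)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # Mix data into the secret state (key, val) through one-way HMAC steps.
        self._key = self._mac(self._val + b"\x00" + data)
        self._val = self._mac(self._val)
        if data:
            self._key = self._mac(self._val + b"\x01" + data)
            self._val = self._mac(self._val)

    def reseed(self, fresh: bytes) -> None:
        """Optional freshening; it matters only if the earlier state leaked."""
        self._update(fresh)

    def generate(self, n: int) -> bytes:
        """Return n bytes. Never blocks: there is no entropy counter to deplete."""
        out = bytearray()
        while len(out) < n:
            self._val = self._mac(self._val)
            out += self._val
        self._update()  # ratchet the state so a later leak does not expose past output
        return bytes(out[:n])


def demo() -> int:
    """Seed once from the OS, then draw 1 MiB without touching the seed source again."""
    rng = HmacDrbg(os.urandom(32))
    return len(rng.generate(1 << 20))


if __name__ == "__main__":
    print(demo(), "bytes generated from a single 256-bit seed")
```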
If you have a modernish machine running Linux, find out if it has a TPM (Trusted Platform Module) built in. If it does, you can use an application called "Trousers" to take advantage of its built-in hardware random number generator. It will directly feed random data into /dev/random.<p>If you don't have a TPM, you can get one of these USB sticks: <a href="http://www.entropykey.co.uk/" rel="nofollow">http://www.entropykey.co.uk/</a> and it will also feed /dev/random with large amounts of real random data.
People, if you need random numbers for some application of yours, you shouldn't get them from their server, period. See alternatives in the posts here. The most modern example, apparently the following hardware instruction will be available in all next Intel processors: <a href="http://en.wikipedia.org/wiki/RdRand" rel="nofollow">http://en.wikipedia.org/wiki/RdRand</a><p>The main article is just to appreciate the pure <i>awesomeness</i> of us being able to actually see something that's a result of quantum fluctuations! In vacuum!
FermiLab has been offering HotBits for a very long time:<p><a href="http://www.fourmilab.ch/hotbits/" rel="nofollow">http://www.fourmilab.ch/hotbits/</a><p>The site contains some interesting discussion around randomness and how their service works.
I've always wondered how many probabilistic algorithms would have been discovered which outperform deterministic ones if a high-bandwidth hardware RNG was available on every machine.
so is the paper that describes this available for free anywhere? the trail of links from that page ends at <a href="http://apl.aip.org/resource/1/applab/v98/i23/p231103_s1?isAuthorized=no" rel="nofollow">http://apl.aip.org/resource/1/applab/v98/i23/p231103_s1?isAu...</a><p>update - similar article (free) from same people <a href="http://www.opticsinfobase.org/view_article.cfm?gotourl=http%3A%2F%2Fwww%2Eopticsinfobase%2Eorg%2FDirectPDFAccess%2F7E9122D0-A0B4-6DFC-9DAF7CF4BF5D2F30_222934%2Epdf%3Fda%3D1%26id%3D222934%26seq%3D0%26mobile%3Dno&org=" rel="nofollow">http://www.opticsinfobase.org/view_article.cfm?gotourl=http%...</a> (source <a href="http://www.opticsinfobase.org/oe/abstract.cfm?uri=oe-19-21-20665" rel="nofollow">http://www.opticsinfobase.org/oe/abstract.cfm?uri=oe-19-21-2...</a> )<p>[it seems like this is actually a big deal - they are getting huge throughput]
oh noes. Not this poo again.
Save money, and do the following.<p>- Get a high res webcam
- Open it up and remove the filters.
- Hook up the device.
- From time to time you'll see random white dots appear.<p>There you have your ultra cheap random number generator.
Works best in high radiation environments.
Hasn't Via done something similar?<p>Since we have millions of transistors in our systems couldn't they (their collectors) be used to generate "truly" random numbers?