A thermal entropy generator is a hardware device for producing random numbers.
But what for?
While the need for random numbers is fairly obvious, one might at first wonder why one would ever need to use a hardware device at all. Aren't there many good algorithms for doing this? More information is available at Pseudorandom number generator, but suffice it to say that pseudorandom number generators (PRNGs) suffer from several problems.
The first is seeding them. A PRNG doesn't just pick numbers out of the blue. It has an internal state (initially this is determined in some manner by the seed) and each time you ask for a new number this state is manipulated in some way to produce a new number. If you know the seed, you can work out the whole sequence. From this it is obvious that the seed should be nice and random. But how do you pick a random seed? You can't really use another PRNG as that one needs to be seeded too.
The second problem is that any sequence of pseudorandom numbers will eventually repeat. This may require many iterations but it will happen.
Some programs require the user to waggle the mouse around or hit some random keys to produce some random data. This method is of course limited by the fact that it can't produce very much data and by the fact that it requires user interaction. It is not really ideal for, say, a server that needs large amounts of random numbers for generating encryption keys and lives in a locked cupboard. Even worse, such data isn't truly random.
Working on better algorithms might provide some relief in terms of increasing the time it takes for the sequence to repeat, or providing a better distribution of random numbers, but of course won't solve the fundamental problems of PRNGs. John Von Neumann said:
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin."
Obviously if you are just using random numbers to randomize the behaviour of the baddies in a video game then PRNGs are fine, but for serious cryptography they are insufficient and alternative methods are needed. If it is really important that no one be able to guess which number will be generated next, you might want to consider something like a thermal entropy generator.
Intel makes one such device, and one of the nice things about it is that you might already have one! (see later). It uses Johnson noise (also known as thermal noise), a characteristic of all circuits, as a source of random data. Obviously designing such a device is not a trivial matter. The noise thus obtained needs to be amplified, and one must be careful not to waste any randomness with inappropriate amplification or sampling methods. It is also true that the behaviour of the resistor will depend on a number of characteristics of the environment in which the device is placed, such as power source fluctuations, temperature, electromagnetic radiation etc. Intel's device greatly reduces the influence of these external conditions by using 2 resistors placed next to each other. The actual signal used is the difference between those produced by the 2 resistors.
Random data is calculated in the following manner. The device has 2 oscillators, one running at a greater frequency than the other (approximately 100:1 ratio). The frequency of the slower one is modulated by the thermal noise obtained previously. This causes the 2 signals to drift relative to each other. The drift is the source of random data.
The data goes through some digital postprocessing to ensure that it is nicely distributed. This is based on an idea by Von Neumann (him again). Data is processed in pairs of bits and is output according to the following rules:
- (0,0) produces no output
- (0,1) produces output 1
- (1,0) produces output 0
- (1,1) produces no output
A theoretical consequence of this is that the device could fail to provide any data for any given length of time, but in real life scenarios this is unlikely to happen for extended periods of time. To finish things off, the data is fed through a SHA-1 hash, which makes it impossible to recover the actual state of the device and also helps even out any statistical structure the data may have had.
Aside from any defects in the implementation, one may wonder what would happen in case of hardware failure, in other words how long before you notice that the device has just been outputting a stream of constant bytes (before the SHA-1 hash obviously).
It turns out that the most likely cause of failure would make the device emit a constant stream of 1's or 0's, and the Von Neumann converter means that this would prevent any data from being generated at all. Quite handy really.
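The Von Neumann pair rules above and the stuck-at-constant failure mode, worked through in Python. This is an added illustration, not Intel's firmware or code from the original article; the biased bit stream is a constructed stand-in for the sampled oscillator drift, and the 512-bit SHA-1 input block size is an assumption (the page only says the data is fed through SHA-1).

```python
import hashlib
import random

def von_neumann_debias(bits):
    """Von Neumann corrector exactly as listed on the page: bits are consumed
    in non-overlapping pairs; (0,1) emits 1, (1,0) emits 0, and equal pairs
    emit nothing. A trailing odd bit is discarded."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(b)  # b is 1 for (0,1) and 0 for (1,0)
    return out

def biased_source(n, p_one, seed=1):
    """Constructed stand-in for the raw sampled drift: independent bits with
    P(bit = 1) = p_one. A simulation, not Intel's circuit."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def bias(bits):
    """Fraction of ones; None when there are no bits (the stalled case)."""
    return sum(bits) / len(bits) if bits else None

def sha1_whiten(bits, block_bits=512):
    """Final hashing stage: each full 512-bit block of debiased bits becomes
    a 160-bit SHA-1 digest (block size is an assumption, see lead-in)."""
    digests = []
    for i in range(0, len(bits) - block_bits + 1, block_bits):
        chunk = bits[i:i + block_bits]
        raw = int("".join(map(str, chunk)), 2).to_bytes(block_bits // 8, "big")
        digests.append(hashlib.sha1(raw).digest())
    return b"".join(digests)

def health_check(raw_bits):
    """Failure mode from the page: a source stuck at constant 0s or 1s only
    yields equal pairs, so the corrector emits nothing. True if any output
    survived the corrector for this window of raw bits."""
    return len(von_neumann_debias(raw_bits)) > 0

if __name__ == "__main__":
    raw = biased_source(100_000, 0.8)
    fixed = von_neumann_debias(raw)
    print(f"raw bias {bias(raw):.3f} -> debiased {bias(fixed):.3f}, "
          f"{len(fixed)} of {len(raw)} bits kept")
    print("stuck-at-1 source passes health check:", health_check([1] * 1000))
    print("SHA-1 output bytes:", len(sha1_whiten(fixed)))
```

Because independent biased bits give P(0,1) = P(1,0), the corrector output is unbiased regardless of the input bias, at the cost of discarding most of the raw bits.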
These devices are very simple and the good news is that the Intel 82802 Firmware Hub Device has one of these built in. This chipset component is part of all of the 8xx series of chipsets, starting with the i810.
There are other methods of generating random numbers. These include observing radioactive particle decay, others based on quantum phenomena, and I have even read about a device that uses your sound card. Intel's solution does however have the advantage of making real random numbers accessible to anyone.
http://www.intel.com/update/archive/issue22/stories/top5.htm
http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf