On Thu, Oct 17, 2013 at 10:03:42AM +1100, Mark Andrews wrote:
Modern Intel CPUs provide hardware-based random numbers. It is not like other CPU manufacturers can't do the same thing. This doesn't increase the chip count or PCB real estate used.
Specifically, Intel's RNG is unauditable. It should not be used as a single source of entropy, but always mixed in with other, unrelated sources of entropy. There used to be a USB stick RNG called Entropykey, but that one is currently unavailable. A cheap/improvised, trusted way to get some physical entropy could be USB SDRs http://sdr.osmocom.org/trac/wiki/rtl-sdr especially if hooked up to an analog wideband white noise generator http://www.maximintegrated.com/app-notes/index.mvp/id/3469 instead of just listening to the aether. Never use entropy as is; mix it into a PRNG, and use as many entropy sources as you can. Packet timing (IRQs) can be a source of entropy in a network device.
It's time CPE Router vendors did a re-think.
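
The advice above (never use one source as is, mix several into a PRNG) as an added example that is not part of the original message: labelled samples are hashed into one seed, so an all-zero or untrusted hardware RNG cannot by itself fix the output. The function names, source labels, and the HMAC-SHA256 counter-mode expansion are assumptions chosen for this sketch, and the timing function only stands in for real packet/IRQ timing.

```python
import hashlib
import hmac
import os
import time


def mix_sources(samples):
    """Fold labelled entropy samples into one 32-byte seed.

    Each sample is tagged with its source name and length-prefixed, so the
    same bytes split differently across sources cannot produce the same seed.
    """
    pool = hashlib.sha256(b"entropy-pool-v1")  # domain-separation tag (constructed)
    for name in sorted(samples):
        data = samples[name]
        label = name.encode()
        pool.update(len(label).to_bytes(2, "big") + label)
        pool.update(len(data).to_bytes(4, "big") + data)
    return pool.digest()


def expand(seed, nbytes):
    """Stretch the seed with HMAC-SHA256 in counter mode.

    Callers only ever see this output, never a raw sample.
    """
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]


def irq_timing_sample(rounds=64):
    """Stand-in for packet/IRQ timing: low byte of a high-resolution clock."""
    return bytes(time.perf_counter_ns() & 0xFF for _ in range(rounds))


if __name__ == "__main__":
    samples = {
        "hw_rng": bytes(32),  # constructed: hardware RNG stuck at all zeros
        "os_pool": os.urandom(32),
        "irq_timing": irq_timing_sample(),
    }
    print(expand(mix_sources(samples), 16).hex())
```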