(no title)

In theory, as others that replied have noted, hardware is better ... in practice there are issues other than "software is deterministic".

Many naive hardware based random number generators suffer from being not as random as one might think - thanks to quantising levels in A/D converters, to supposedly random physical processes having "spectra" where measurable signal occurs more in some bands than others, and to a multitude of other odd little effects just making a hardware based RNG is as simple as it seems.

The entropy key cited above has multiple noise sources and PRNG processes that mix them up and running checks to see that things are working as expected. That level of paranoid checking is more or less the minimum level required in a RNG to be confident about it.

Everyone has mentioned how software is deterministic.

Hardware RNGs sometimes rely on thermal noise (which is really random) but there are sometimes flaws with how that noise is sampled and de-skewed. Also, they need to be monitored to cope with hardware failure. Be aware, especially if you're using them for cryptography, that they might be a poor fit for your purpose.

Testing Hardware RNGs

(http://www.robertnz.net/true_rng.html)

EDIT:

Descriptions of various forms of noise:

(http://www.eie.polyu.edu.hk/~ensurya/lect_notes/commun_cir/C...)

And surely everyone on HN knows that part of the "snow" noise displayed on an untuned TV is cosmic background radiation, ie "afterglow" of the big bang. I still find that amazing.

Pure software-based random generators are deterministic and thus not random.

When something is deterministic, it is reproducible and therefore not good for creating crypto keys.

Most /dev/random implementations use data from the ethernet driver, the keyboard, mouse etc to get some input which isn't easy to reproduce.

Because you can't get really random number from deterministic hardware (and computers are deterministic, more or less :) ). No matter what you do, running the same algorithm on the same input gives you the same data on regular computer. And the randomness (measured in Kolmogorov complexity [1] of the resulting string) is by definition smaller than the length of the generator program.

And truly random string is such string, that there's no possible program producing this string as output, that is shorter than the string.

On deterministic computers you can only produce pseudorandom numbers, with varying quality of randomness, depending on generator program you use, but it's sometimes not enough (esp. in cryptography).

[1] http://en.wikipedia.org/wiki/Kolmogorov_complexity

Software is deterministic, so it is not really possible to generate noise. There are non-deterministic parts of software (for example, thread interaction in concurrent systems), but this is just observable behavior of hardware effects.

The typical thing people do to get large amounts of randomness is to first generate some "real" random noise from some source (hardware thingamajigs, network timings, user interactions) and extrapolate these into longer sequences of random-looking numbers. The extrapolation can be fast and simple (in which case the randomness is not so good), or it can be slow and complex (to get decent looking randomness).

Others have explained why it's not possible to create a good software random number generator. Hardware RNGs don't just provide a much better quality stream of random data, they also provide a much higher quantity of it. I just generate a GnuPG 2048 bit keypair by running "gpg --gen-key" on my laptop. It took over 11 minutes to gather enough entropy to build the key. I then plugged my Entropy Key into the laptop and repeated the process. This time it took less than 2 seconds.