I can't find any links to your references to Ada's RNG / AdazPRING - where can I find more?
Posted by Jim Cheetham at January 30, 2014 10:21 PM
Very good article, congratulations on the synthesis of so many sources.
You wrote: "the humble sound card can be put to lots of different uses, and it is relatively hard for the bad guys to mess with it in a way that subverts the crypto without making the device unusable for other purposes".
Well, actually it's trivial to add a filter (either in the kernel/usermode driver or directly in the hardware) to remove the precious random "noise" from the input source - and yet claim that removing noise is a valuable feature if someone is ever going to question that most probably undocumented choice.
We have seen this happening for some physical randomness sources you quote, and for an obvious reason: defeating the purpose of encryption is the cheapest way to break code.
Posted by Socrates at February 16, 2014 05:48 AM
I really enjoyed reading about your philosophy of RNGs. It reminds me of very similar discussions about RNGs that I had with Dr. M.M. Atalla so many years ago.
The RNG I implemented under his tutelage incorporated many of your rules of thumb and had a similar architecture of collector(s), mixer and expander. One interesting difference is that we collected a lot of (electron thermal noise) randomness up front to incorporate into the mixer/expander machinery. A lot was on the order of a CD-ROM worth of random bits. It chewed up RAM, which had to be tested constantly to make sure the bits didn't flip.
Then we used real-time collectors (it varied whether it came from electron thermal noise or from "good enough" sources) to feed into the mixer/expander. We would refresh the mixer/expander store of persistent random bits periodically.
Posted by Alex Alten at December 5, 2014 11:37 AM
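As an added example (not from the article or from any commenter), a continuous health test in the spirit of SP 800-90B for a sound-card noise source, which speaks to both Socrates' point (a quiet driver-side filter that strips the noise) and the collector stage of Alex Alten's collector/mixer/expander design: the repetition count cutoff is fixed from a validation-time entropy claim, and the live stream must keep passing it. The ADC stream, the noise-gate filter and every name here are constructed for the example.

```python
import math
import random
from collections import Counter

def mcv_min_entropy(samples):
    """Most-common-value min-entropy estimate (SP 800-90B 6.3.1), in bits per sample."""
    n = len(samples)
    p_max = Counter(samples).most_common(1)[0][1] / n
    p_upper = min(1.0, p_max + 2.576 * math.sqrt(p_max * (1 - p_max) / (n - 1)))
    return -math.log2(p_upper)

def rct_cutoff(h_claim, alpha=2 ** -20):
    """Repetition count cutoff C = 1 + ceil(-log2(alpha) / H) from SP 800-90B 4.4.1."""
    return 1 + math.ceil(-math.log2(alpha) / h_claim)

def repetition_count_test(samples, cutoff):
    """Return (passed, longest_run); fails once any value repeats `cutoff` times in a row."""
    longest = run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return longest < cutoff, longest

def adc_samples(n, seed, gate=None, dc=128, sigma=3.0):
    """Constructed 8-bit ADC stream of a silent microphone: DC offset plus thermal noise.
    gate=t simulates a driver 'noise removal' stage snapping samples within +/-t of DC to DC."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        v = round(dc + rng.gauss(0, sigma))
        if gate is not None and abs(v - dc) <= gate:
            v = dc
        out.append(max(0, min(255, v)))
    return out

def lsbs(samples, bits=2):
    return [s & ((1 << bits) - 1) for s in samples]  # the low bits carry the thermal noise

def health_check(stream, h_claim):
    """RCT with the cutoff fixed from the validation-time claim, never re-derived from the live stream."""
    cutoff = rct_cutoff(h_claim)
    passed, longest = repetition_count_test(stream, cutoff)
    return {"passed": passed, "longest_run": longest, "cutoff": cutoff,
            "live_estimate": round(mcv_min_entropy(stream), 3)}

if __name__ == "__main__":
    h_claim = mcv_min_entropy(lsbs(adc_samples(4096, seed=1)))  # design-time assessment
    print(f"claimed min-entropy {h_claim:.2f} bits/sample, RCT cutoff {rct_cutoff(h_claim)}")
    for name, gate in (("raw", None), ("noise-gated", 8)):
        print(name, health_check(lsbs(adc_samples(4096, seed=2, gate=gate)), h_claim))
```

Re-estimating the cutoff from the gated stream itself would make it pass, which is why the claim is frozen at validation time and only the stream is measured afterwards.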