Table of Contents


Status: First Cut.


The market for RNGs is dead. We need a Quick and Dirty RNG, and a marketing approach to seed it.

Background Doco

See the following:

Systems Definitions

Random Numbers
(RNs) are numbers that are not predictable.

Random Number Generator
(RNG) is a software or hardware design that generates RNs.

Psuedo RNG
(PRNG) is an algorithm that takes a small seed and generates a sequence of numbers that are unpredictable if the internals -- the seed or key -- is unknown. Typically, by using a cryptographic message digest or encryption algorithm.

True RNG
(TRNG) is a device that claims to measure some source of physical phenomena that is considered unpredictable under a wire range of conditions. Typically, thermal noise in semiconductors.


To state the requirements for

a simple, easy to build and easy to market hardware RNG.



Use Cases

Software products


R1. Cheap

Must be capable of being implemented in few circuitry components. A constructed or sold product needs to be in the "opportunistic purchasing" range.


The requirement is to seed the bottom of the market and make use of RNGs routine. Those that need better quality can pay.


The security world has traditionally focused on "perfect quality" and "no known risks." Sometimes known as "no-risk security." This is bogus and has resulted in massive losses.

The more appropriate approach is risk based, opportunistic design. That is, use what you have available, compromise on what is not available.

The market for RNGs now is basically flat. This means that we are comparing not the market for those expensive quality ones, but the market where none are in use at all. So, providing something is better than nothing

This literally means we don't mind if their are flaws in the output. As long as it is better -- hopefully much better -- than nothing.

R2. Dead simple interface

The interface should be usable by any software without the need for drivers, etc.


Getting drivers out there is too costly.


Ideally, a "drive" interface and then we can use cat(1) to read.

R3. Parasited off Other

The device should be made with some other popular product.


Chicken & Egg. Nobody buys RNGs because nobody needs them because the software doesn't use them.


In order to sell them we would want to instead sell something else, and provide the RNG for free.

Hence, a 1G memory stick / pen with an RNG included. Alternatively, a USB hub with an RNG included (the ASIC design may make this easier.)

R4. Open Design

The device should be made according to an open source design.


In order to assess the quality of the RNs, the design must be auditable.


RNGs that are inscrutable are generally mistrusted by many. The opinion leaders look down on anything they can't get into, which leads to widespread rejection of many things. /. is the standard.

Adding to this, there is no reason why it can't be self-constructable. Those who want to do that will do so, but they are a tiny minority; most will prefer to buy, trusting the opinion of the opinion leaders, and purchasing "cool" on the market.


These following are not required but are often features in other systems. They are explicitly listed as such so as to describe the rationale for not requiring them.

A1. Cryptographic Quality of Randomness

Passing DIEHARD or MUST tests is not required.


Most software systems will mix in different pools of generators and thus do the cleaning up themselves.

Also, we need somethign quick and dirty.


Something is better than nothing, which is the status quo. Later on, if it works, add that stuff.