[Cryptography] Generate Random Data From Sound Card

[Ray Dillinger]

On 3/7/26 10:11 AM, Christian Huitema wrote:
> If you allow a newbie question: what is the relation between the 
> entropy accumulation in the kernel and the sponge construction in 
> algorithms like SHA3?
>
Implementation of sponge constructions are very directed; if you give it 
specific data, it builds the same pool from that data every time and 
gives you the same response.  SHA3 wouldn't be very useful for 
generating repeatable hashes for specific inputs, if it were continually 
stirring additional bits into the sponge from many sources including 
some unknown to you.

The kernel entropy accumulator has a central entropy pool that is very 
similar to sponge constructions. Input to it is handled much the same 
way. The difference is that the entropy accumulator has a kernel process 
(or daemon) which is constantly reading many different sources of bits, 
making it effectively impossible for it to produce repeatable results 
from any "specific" data.  Many of the bits it reads are from protected 
hardware that couldn't be accessed from any user process. Its goal is 
very specifically to avoid producing repeatable results.

Whenever you pipe input to it, the accumulator happily accepts your 
contribution, but mixing it in also triggers immediate reads from 
additional sources of bits which you are supposed to be unable to 
predict. You are in effect prevented from using your knowledge of the 
information you've just fed it to guess or control what's in the pool 
after you feed it.

Which, as far as I know, you couldn't do even in theory unless you 
already have extensive knowledge of what's there before your addition, 
but the accumulator makes the effort to prevent you from doing so anyway.

Bear