[Cryptography] Generate Random Data From Sound Card
Ray Dillinger
bear at sonic.net
Sun Mar 8 23:00:22 EDT 2026
On 3/7/26 10:11 AM, Christian Huitema wrote:
>
> If you allow a newbie question:
If you're a newbie, you should know that the discussion of random number
generation, and many of the niceties and tips and tricks you've heard in
this thread about the care and feeding of entropy pools, are now mostly
irrelevant to normal users. Many of us are old-timers reminiscing about
hard times when we had to walk uphill both ways barefoot in the snow etc
etc. The vast majority of the problems we were and still are in the
habit of worrying about have been effectively solved at this point.
As far as ordinary users are concerned, it is enough to just read
/dev/urandom. If particularly worried about a few remaining problems
that are almost esoteric at this point, you may want to wait until it's
more than a few seconds after bootup to read /dev/urandom. Otherwise you
don't have to worry about it. Much of the credit for not having to worry
about it belongs to Ted Ts'o, whom you can thank right here on this list.
[Waves at Ted: Seriously, you are a literal hero to the entire world at
this point, and you deserve medals and awards and accolades from a
hundred different countries. Literal billions of people and probably
tens of trillions of dollars worth of commerce routinely and
successfully depend on your code for protection and security, and you've
been absolutely straight with everybody in your work on it from the
beginning.]
Old-timers remember when random number generation was hard. Not too
long ago many sources of unpredictable bits now in use had not been
harnessed. In earlier times there weren't very many sources of
unpredictable bits on a machine at all. Before the mid-1990s the
"accumulator" was mostly a collection of ad-hoc background processes
running in user space, without access to things the kernel can see and
without kernel-level protections. We obsessed over the quality of random
numbers back then because we never knew which of those processes were
monitored or which of those inputs were controlled, by whom, or when. I
wrote and still have code for an original CSPRNG on my hard drive, whose
output I used to XOR against RNG output from other sources "just in
case," even though I've not used it that way in years. I'm fond of it
because it's mine, but it's less efficient than CSPRNGs that anybody
can routinely download now.
Along the way there have been lots of obstacles, including the
aforementioned gent who kept cutting sources of bits from the input
whenever it wasn't possible to predict how unpredictable those bits were
going to be. In 2016 or so there was a disastrous unthinking response to
a compiler warning about "using uninitialized memory" that led someone
else to cripple Debian's OpenSSL implementation resulting in a massive
compromise that ran for a couple of years. And there have been other things.
So we were in the habit of worrying about randomness, and dealing with
some kind of compromised-RNG security disaster every few years. But
that's been more than just a few years ago now. Bad things could still
happen if someone messes it up, but discussions like the one we're
having now are mostly about shared memories. We are reminiscing about
who we were and what we did to cope with days that were filled with
hardships, even though those hardships have mostly ceased to be.
Bear