views:

237

answers:

2

I'm working on a desktop application and would love to use any hardware random number generators that happen to be available, though I dont want the user to have to do any confusing setup to use it. its Java/Clojure based so something in the java world would be nice though I'm willing to work with just about anything. Know of any programs that do this well? are they cross platform?

+2  A: 

It depends on the quality of random numbers you need to generate. Specifically, how much entropy do you need?

If you really need some hardcore random numbers that aren't dependent on a predictable clock, you might want to check out the 3rd party generators available.

http://en.wikipedia.org/wiki/Hardware_random_number_generator

Some of these use thermal heat, etc... to increase the entropy of each bit.

Robert Greiner
The OP's asking how to interface with whatever's available, surely? How does the amount of entropy needed factor in here?
bdonlan
there are only so many options available in a vanilla machine. I was just letting him know that all random numbers are not created equal, and trying to inform him of some alternatives. My answer may not be exactly what he is looking for, but I think it is pertinent to his problem.
Robert Greiner
the short answer is "enough to keep my users data safe from all attacks up to but not including torture"
Arthur Ulfeldt
haha, ok. Then my approach is way too hardcore for what you need. bdonlan has an excellent answer.
Robert Greiner
+6  A: 

You should use the Java SecureRandom class. The user can override the default algorithm selection with a hardware RNG by setting its preference order. This then applies to all Java applications, including yours.

bdonlan
The corollary is that the app would need a SecureRandom engine class for each device that might "happen to be available". Unless someone out there already maintains a library of such classes for common devices, this is a tall order!
Stephen C
Or there can be one SecureRandom engine that uses the OS facilities for interacting with hardware RNGs
bdonlan
@bdolan: I don't think that will work. AFAIK, there are no specific standards for interfacing RNG hardware, and no standard OS-level services.
Stephen C
Not 'standard' but per-OS. Linux's /dev/random, Window's CryptGenRandom(), etc.
bdonlan