Ok, so in the spirit of “finishing things” I’ve been going through my collection of electronics in my “project box” and have dug up the OneRNG I bought off of Kicstarter ages ago. The basic premise is that it’s a “trusted”, “verifiable” random number generator with a strong source of entropy.
So, anyway, I downloaded the dependencies, downloaded the software and plugged it in. It appeared to be working and running the basic test from the website of:
cat /dev/random >/dev/null
and then seeing the LED on the board “dim” worked.
Now, I figured I’d test it some more. Specifically, I figured it might allow me to generate random numbers faster, making things like generating public/private keys faster. So, first up, timed generating 128, 256 and 512kb worth of random characters without the USB stick plugged in:
Then, the same test with the unit plugged in:
Obviously, my theory was wrong. For whatever reason, with the OneRNG plugged in, it actually took significantly (more than 2x) the time to generate the same number of random characters. Now, as to the cause, I’m not sure. I’m thinking maybe without it plugged in Linux uses multiple sources instead of just one and therefore has more “events” to get randomness from. Will need to ask on the OneRNG forums regarding whether this is even a good test.
Now, randomness is not just about “quantity”, but also about “quality” (i.e. how random the output actually is). To test this, a quick search turned up a nice tool called ent with a simple user interface. Running this over 512kb of randomly generated data (top is without OneRNG, bottom is with) we get the following numbers:
From these outputs (after reading the ent output documentation) we can see that OneRNG is generally producing much better randomness than whatever the typical RNG is on my Intel chipset (something in the CPU? + timing of keystrokes/mouse movements?). In particular, the “Chi square distribution” and the “Monte Carlo value for Pi” tests show significant differences.
Both sources have high entropy values and get good scores for the “Arithmetic mean” and “Serial correlation coefficient tests”.
So, those hoping getting a OneRNG will allow them to mass-produce randomness may be in for a surprise. The real value seems to be in a source of randomness that is, well… more random 🙂