How to Generate Random Numbers
In general there are three methods for generating random numbers: software, physical sources, and quantum uncertainty.
Software
The most common approach to generating random numbers is by using a deterministic algorithm implemented by a computer program. Such deterministic algorithms cannot generate truly random numbers (at best they are predictable and reproducible, and at worst, have bad statistical characteristics). Thus, software generators are usually called pseudo-random or quasi-random generators.
Physical Sources
A second approach to generating random numbers is to use physical phenomena; such generators fall between software generators and quantum-based hardware generators. For example, the Linux operating system has random number generators that use entropy gathered from keyboard, mouse, interrupt, and disk drive timing as the seed. Microsoft's CryptGenRandom function (part of the Microsoft CryptoAPI) is similar: it uses inputs such as mouse or keyboard timing, which are then combined with a stored seed and various system and user data.
While these physical activities may look random, their randomness cannot be proven, and they run the risk of generating poor entropy (or none at all) if the sampled physical activity is dormant or repetitive. There are several potential security vulnerabilities when using such physical activities. For example, in networked applications such as browsers, the application traffic between client and server effectively publishes the locations and sequence of the client's mouse events. Similarly, users may enable "snap-to" options that place the mouse pointer at the center of the button to be pressed, making click locations predictable. As a result, the entropy from mouse movements in these environments could be far less than the RNG designer expected.
Quantum Mechanism
The only truly random generator is a mechanism that detects quantum behavior at the sub-atomic level, because randomness is inherent in the behavior of sub-atomic particles. Quantum-based hardware generators are practical; sources that have been used include:
1) The interval between the emission of particles during radioactive decay.
This source generates only 30 bytes per second and requires a cumbersome (and dangerous?) collection of hardware.
2) The thermal noise across a semiconductor diode or resistor.
This is the approach most often used in add-on PC hardware.
3) The charge developed on a capacitor during a particular time period.
4) The frequency instabilities of multiple free running oscillators.
This approach is the basis of the VIA PadLock RNG. While it is implemented differently than the resistor-based approach, ultimately the source of randomness is the same.
These sources have been used in a few commercially available add-on random number generator devices, none of which have achieved much visibility or use. Since they are peripheral devices such as PCI cards and serial port devices, these commercial hardware generators are expensive and cumbersome.
VIA PadLock RNG: On-Die Quantum Randomness
To address this need for good random numbers in security applications, VIA introduced the Nehemiah processor core in January 2003, which included the VIA PadLock RNG, integrating a high-performance hardware-based random number generator onto the processor die. The VIA PadLock RNG uses random electrical noise on the processor chip to generate highly random values at an extremely fast rate. It provides these numbers directly to security applications via a unique x86 instruction that has built-in multi-tasking support.
Capable of creating random numbers at rates of between 800K and 1600K bits per second, the VIA PadLock RNG addresses the needs of security applications that require high bit rates because they algorithmically increase the quality (randomness) of the entropy produced, for example by applying hashing algorithms to the output.
The VIA PadLock RNG uses a system of Asynchronous Multi-byte Generation, where the hardware generates random bits at its own pace. These accumulate into hardware buffers with no impact on program execution. Software may then read the accumulated bits at any time. This asynchronous approach allows the hardware to generate large amounts of random numbers completely overlapped with program execution. This contrasts with good software generators, which can be fast but consume a significant number of CPU cycles and negatively affect overall system performance.
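The two points above, that a physical source can be biased or stall (the "dormant or repetitive" case) and that a high raw bit rate can be spent on hashing to improve quality, can be shown with a small model. This is an added example, not VIA's code or the PadLock interface: the biased bit source, the 4:1 hashing ratio and the health-test cutoff are constructed for illustration, and a real deployment would read the raw bytes from the hardware buffer instead.

```python
# Added example: conditioning and health-checking a raw entropy stream.
# The source model, ratio and cutoff are constructed, not VIA's design.
import hashlib
import random


def biased_source(n_bytes: int, p_one: float = 0.7, seed: int = 1) -> bytes:
    """Constructed stand-in for a raw noise source: each bit is 1 with
    probability p_one, so the stream is clearly biased. A real source
    would be the hardware buffer read by the RNG instruction."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n_bytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def ones_fraction(data: bytes) -> float:
    """Monobit statistic: fraction of 1 bits; about 0.5 for unbiased data."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def repetition_count_fails(data: bytes, cutoff: int = 8) -> bool:
    """Simplified continuous health test for a stalled source: True if
    any byte value repeats `cutoff` times in a row."""
    run, prev = 0, None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return True
    return False


def condition(raw: bytes, ratio: int) -> bytes:
    """Hash every ratio*32 raw bytes down to 32 output bytes with SHA-256,
    spending `ratio` raw bits on each output bit to remove the bias."""
    block = 32 * ratio
    out = bytearray()
    for i in range(0, len(raw) - block + 1, block):
        out += hashlib.sha256(raw[i:i + block]).digest()
    return bytes(out)
```

The raw stream fails the monobit check at roughly 70% ones, while the conditioned output sits near 50%; the repetition-count test catches a source that has stalled on a constant value.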
The VIA PadLock RNG has undergone comprehensive testing by leading data security firm, Cryptography Research, Inc.; results show high-performance, high-quality entropy and ease of use. See the complete Cryptography Research report, "Evaluation of VIA C3 Random Number Generator," dated February 27, 2003.