In a recent post on his blog, security researcher Dan Kaminsky builds on the work of Matt Blaze and D.P. Mitchell’s TrueRand from 1996 while expanding on his Defcon 20 talk. In summary, any system with two clocks has a hardware random number generator. The clocks’ tolerances lead to jitter between them, producing unmodelable noise in the system.
In his own words: “As announced at Defcon 20 / Black Hat, here’s DakaRand 1.0. Let me be the first to say, I don’t know that this works. Let me also be the first to say, I don’t know that it doesn’t. DakaRand is a collection of modes that tries to convert the difference between clocks into enough entropy that, whether or not it survives academic attack, would certainly force me (as an actual guy who breaks stuff) to go attack something else.”
If you’ve followed Dan’s past projects, you’ve got to figure he’s onto something here even if you don’t quite understand all the implications at first.
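The two-clock idea summarized above, as an added sketch that is not DakaRand's source or code from Kaminsky's post: it counts how many loop iterations the CPU completes per window of the `clock()` timer, keeps the low bit of each count, and removes bias with von Neumann pairing. The function names, the 50-tick window and the spin cap are assumptions made for this illustration, and it assumes a POSIX system where `CLOCKS_PER_SEC` is 1,000,000.

```c
/* Added illustration of the TrueRand-style clock-difference idea.
 * All names and constants here are hypothetical, chosen for the example. */
#include <stdio.h>
#include <time.h>

#define MAX_SPIN 1000000UL  /* assumption: give up if the timer never advances */

/* Clock 1 is the CPU running this loop, clock 2 is the timer behind clock().
 * The iteration count reached per timer window drifts with their jitter. */
static unsigned long count_ticks(clock_t window)
{
    unsigned long n = 0;
    clock_t start = clock();
    do {
        n++;
    } while ((clock_t)(clock() - start) < window && n < MAX_SPIN);
    return n;
}

/* Von Neumann debiasing: read bits in pairs, emit the first bit of each
 * unequal pair (01 -> 0, 10 -> 1), drop 00 and 11. Returns bits written. */
static size_t von_neumann(const unsigned char *in, size_t n, unsigned char *out)
{
    size_t w = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        if (in[i] != in[i + 1])
            out[w++] = in[i];
    return w;
}

/* Fill buf with up to len bytes using at most max_raw raw samples.
 * Returns the number of bytes produced, which may be fewer than len. */
static size_t jitter_bytes(unsigned char *buf, size_t len, size_t max_raw)
{
    size_t produced = 0, nbits = 0;
    unsigned char acc = 0, pair[2], bit;
    for (size_t used = 0; used + 2 <= max_raw && produced < len; used += 2) {
        pair[0] = count_ticks(50) & 1u;   /* low bit of each count */
        pair[1] = count_ticks(50) & 1u;
        if (von_neumann(pair, 2, &bit) == 0)
            continue;                     /* equal pair: discarded */
        acc = (unsigned char)((acc << 1) | bit);
        if (++nbits == 8) { buf[produced++] = acc; nbits = 0; acc = 0; }
    }
    return produced;
}

int main(void)
{
    unsigned char out[8];
    size_t got = jitter_bytes(out, sizeof out, 4096);
    for (size_t i = 0; i < got; i++) printf("%02x", out[i]);
    printf(" (%zu bytes)\n", got);
    return 0;
}
```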