What is the NIST-approved way of getting random numbers?

NIST SP 800-90B mentions how the HWRNG should perform, testing, validation, access to raw and post-processed (optional) data, etc.

But doesn't mention specifically what sources are valid.

- Does mashing on the keyboard collecting nanosecond-precise key press times work?
- What about rolling dice or flipping coins?
- USB HWRNGs?
- Video cameras, microphones, RTL-SDR, etc.?

What's a valid source and what isn't?

csrc.nist.gov/pubs/sp/800/90/b

I can model tossing dice and flipping coins very easily and cleanly.

For example, 256 flips of a fair coin, recording "H"/"T" per flip, then hashing the result with SHA-256 should work.

I can prove the coin is fair, show the entropy per flip (1 bit), save the raw flips as well as the post-processed SHA-256 hash.

It meets all of the requirements in NIST SP 800-90B, although cumbersome. So it should work, no?
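As an added example (not part of the original posts): the coin-flip procedure described above, with the recorded flips scored by the Most Common Value estimate from SP 800-90B section 6.3.1 before SHA-256 conditioning. The function names and the sample flip records are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

Z_99 = 2.576  # z-value the MCV estimate uses for its upper confidence bound


def mcv_min_entropy(samples):
    """Most Common Value estimate: min-entropy per sample, in bits."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # Upper bound on the probability of the most common value.
    p_upper = min(1.0, p_hat + Z_99 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_upper)


def process_flips(flips):
    """Keep the raw record, score it, then condition it with SHA-256."""
    if not flips or set(flips) - {"H", "T"}:
        raise ValueError("flips must be a non-empty string of 'H' and 'T'")
    per_flip = mcv_min_entropy(flips)
    return {
        "raw": flips,
        "bits_per_flip": per_flip,
        "assessed_input_bits": per_flip * len(flips),
        "sha256": hashlib.sha256(flips.encode("ascii")).hexdigest(),
    }


# Constructed sample records, not real coin flips. The alternating record is
# obviously predictable, yet this estimate only counts frequencies, so it
# scores the same as any other 128/128 record.
BALANCED = "HT" * 128
BIASED = "H" * 192 + "T" * 64

if __name__ == "__main__":
    for name, flips in (("balanced", BALANCED), ("biased", BIASED)):
        r = process_flips(flips)
        print(f"{name}: {r['bits_per_flip']:.3f} bits/flip, "
              f"{r['assessed_input_bits']:.1f} bits total, sha256={r['sha256']}")
```

With 256 perfectly balanced flips the estimate credits about 0.78 bits per flip, because its upper confidence bound is wide for a sample this small.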


@atoponce

True randomness requires you to model the entropy of a sleeping baby moving and flopping over every square inch of a bed in ways no human can possibly predict.
