SudoMaker's PICoRNG Is a PIC-Based True Random Number Generator with Some Neat Features
Open-hardware design, selling pre-built for $16, is designed to feed entropy into any Linux, BSD, or macOS system from avalanche diodes.
Electronic gadget specialist SudoMaker has launched a device designed to add true random number generation to almost any computer with a USB port — complete with anti-tamper measures designed to ensure the data you get hasn't been adulterated.
"The PICoRNG is a USB random number generator making use of the well-known diode avalanche effect, affordable, secure, and with good software support," SudoMaker writes of the tool. "With this device, you no longer need to depend on these black boxes in your CPU to provide you random data."
The USB dongle itself is built around a Microchip PIC16LF1454 microcontroller with three 2N3904 diodes. It's the diodes which provide the random data itself: Operating a diode just at the very point of breakdown causes random spikes, as electrons "avalanche" through the semiconductor. By measuring these spikes, it's possible to get what should be wholly-random data — then use them as entropy for a cryptographic system.
The tool is designed to show up as a custom USB device, with support for Linux, BSD, and macOS operating systems — but not for Windows, owing to its lack of support for user-provided entropy sources. The data it provides can be used to feed the system entropy pool, or redirected from stdout to anything else that can benefit from randomness.
It also includes a handful of security features, including ECDH-based authenticity verification designed to prevent the device from being replaced with a clone and built-in checks, which process the random data in order to ensure its randomness. "Since the entire device is open sourced," SudoMaker adds, "you can implement more security measures by yourself, such as wiping the flash after consecutive BOR events, or simply cut off the programming pin traces and put some black epoxy onto the PCB."
Source code and hardware design files are available on the SudoMaker PICoRNG GitHub repository, where they are published under the AGPLv3 and CERN-OHL-S v2 licenses respectively. Assembled units, meanwhile, can be purchased on Tindie for $15.99.
