The Infinite Noise true random number generator is the ultimate in open source crypto devices. I put my name on the waiting list and ordered immediately as soon as I received the availability notice. It arrived a few days later in a small padded envelope. The device is small, about half the length of my little finger, with a transparent shrink wrap cover that allows you to inspect all the components on the circuit board. This plus the published schematic and parts list provides high confidence that the device is exactly what it claims to be: a true random number generator. The controlling software compiled from source code and ran without trouble on my Ubuntu 14.04 LTS Linux machine. It does exactly what it claims: generates random numbers (it passed a quick ENT test and NIST rngtest) and adds them to the operating system random number pool, making them available to programs that need it. On my setup it put out 34.5 kB/s of random data and made generating RSA keys nearly instantaneous. Previously I had to move the mouse around for a few minutes to generate enough randomness for GnuPG to complete the generation process. A big thank you goes to Tindie and Waywardgeek for offering this product and saving me from the unimaginable task of trying to solder those *tiny* surface mount parts myself. At $35 this is an amazing deal.
Works as advertised, free software tools top-notch. I was able to directly source my /dev/random number source from this device, and it works like a charm, producing much more entropy than my computer hardware was capable of.
This is a pretty good TRNG, although I haven't run it for long enough to really throw it through the usual suites. The theory is sound, though. The version I received seems to incorporate many of the layout changes submitted to the GitHub repository, which further shows that this device isn't layout (read: external interference) dependent. That's not to say that you cannot influence the circuit, but influencing it to one's advantage is difficult, at least when adhering to some sanity. For example, while it's possible for the random output to have sequences of zeroes or ones, the software only allows 20 after which it exits. Such a sequence (I have had zeroes and ones) can be introduced by hovering a finger around C8/C7. Slight influencing triggers the "NOT OK" state, so that's another indication that the device is being tampered with. This does require the enclosure to be removed, but theoretically one might be able to force brief sequences in this manner and may require further investigation.
A major pro is also that everything about this appears to be open - theory, schematic, PCB, BOM (includes the enclosure!), code.
On a slight downside, the Windows side of the software end is a bit lacking. The provided binary is a bit less than helpful when started as it only complains about no output file being specified. Looks like an off-by-one error in the code, as it's supposed to list the available options (minus dev/random output, presumably.) The binary can also only write out to a file, which is locked out from reading. I'm not a C++ programmer, but it seems that might be a simple change from fopen_s to _fsopen with the appropriate flags to allow reading (but not writing!). That would at least open the existing utility up for use with unsophisticated third party software. Ideally I'd check if I can directly interface with the infnoise so I can output directly to e.g. a greyscale bitmap, but for now just letting it run for a while and parsing the output file will do.
I have no doubt that these minor software issues can/will be addressed, so I'm not letting that weigh on my review score**. This is a solid product and I congratulate the authors for making it. If the PCB edge connector version ever makes it (back*) onto Tindie as well, I'd be inclined to get another one just to tinker with (would love to try and stick an indication LED on there - maybe then it would register on my USB voltmeter, too... forgot to mention that: this thing draws negligible power, doesn't get hot, etc.) ( * I think a heatshrink-wrapped version was listed for a very brief time )
** I haven't communicated with this seller, but a rating is required and by the way everything is documented, I have no doubt that 'Amazing' would apply.
Response from WaywardGeek | Feb. 1, 2015
Thanks for the positive review! I generally don't want to reply to reviews - I don't want to influence them. However, I am interested in this TRNG's security. I am unable to reproduce affecting the output by hovering near C7/C8. I actually have to _touch_ it, becoming part of the circuit myself. I am very interested in results of attacks against it, such as radio signals, power supply noise injection, etc. Thanks for analyzing it!
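The run-length limit described in the review above (exit after more than 20 identical bits in a row) is a simple health test on raw TRNG output. The following is an added example, not the Infinite Noise driver's code: the names `run_check`, `run_check_feed` and `check_buffer`, the MSB-first bit order and the exact threshold semantics are assumptions, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_RUN 20 /* limit quoted in the review; assumed, not read from the driver */

/* State is kept between calls so a run spanning two reads is still caught. */
struct run_check { int last_bit; unsigned run_len; };

/* Constructed samples: exactly 20 zero bits in a row, then 21 zero bits in a row. */
static const uint8_t SAMPLE_OK[]    = { 0xA5, 0x00, 0x00, 0x0F };
static const uint8_t SAMPLE_STUCK[] = { 0xA5, 0x00, 0x00, 0x07 };

void run_check_init(struct run_check *rc) { rc->last_bit = -1; rc->run_len = 0; }

/* Feed raw bytes, most significant bit first. Returns -1 while the stream is
 * healthy, otherwise the bit offset inside buf where a run exceeded MAX_RUN. */
long run_check_feed(struct run_check *rc, const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            if (bit == rc->last_bit) {
                if (++rc->run_len > MAX_RUN)
                    return (long)(i * 8 + (size_t)(7 - b));
            } else {
                rc->last_bit = bit;   /* run broken: start counting again */
                rc->run_len = 1;
            }
        }
    }
    return -1;
}

/* One-shot helper: check a single buffer with fresh state. */
long check_buffer(const uint8_t *buf, size_t len)
{
    struct run_check rc;
    run_check_init(&rc);
    return run_check_feed(&rc, buf, len);
}

int main(void)
{
    printf("ok sample:    %ld\n", check_buffer(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("stuck sample: %ld\n", check_buffer(SAMPLE_STUCK, sizeof SAMPLE_STUCK));
    return 0;
}
```

A consumer would stop feeding the entropy pool as soon as the return value is not -1, since a stuck or externally influenced source shows up first as long runs.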
If anyone could think of a complaint about getting a TRNG made up by hand for roughly the cost of the parts which is super easy to set up and works first time like a charm, it wouldn't be me. Wayward geek is a crypto/security hero.