by mitchellberry 3006 days ago
XOR it with /dev/urandom; the result will be as strong as the best source of entropy.
3 comments

I don't think this is true without some assumptions. The two bitstreams could cancel out if cleverly chosen.
That would mean that the attacker can already predict /dev/urandom, rendering it effectively useless. So the parent is right, "the result will be as strong as the best source of entropy"; if both sources are bad, then the result will be as well.
It is true under the assumption that the two sources are independent of each other. If one of the sources is entirely known or predictable, this will not affect the entropy of the other source.
If you know "the other" bitstream, sure. The only sensible premise is that you don't.
If both bitstreams are cleverly chosen, then neither is a source of entropy.
But isn't the point of a hardware entropy source that you don't quite trust /dev/urandom?
You have two adversaries. Adversary A has control over your hardware source, and adversary B has control over /dev/urandom. If you XOR them, A and B must cooperate to compromise your random generator. You can combine as many sources of randomness as you want, and each increases the difficulty for an adversary to defeat your generator.
That just gets you the entropy of /dev/urandom, if you can't trust your original source.
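
The independence condition debated in this thread can be checked exactly on small distributions. The following is an added example, not code posted by anyone in the thread; the 4-bit toy sources (`uniform`, `known`, `biased`, `mirrored`) are constructed for illustration and use min-entropy as the strength measure.

```python
import math
from itertools import product

def min_entropy(dist):
    """Min-entropy in bits: -log2 of the most likely outcome's probability."""
    return max(0.0, -math.log2(max(dist)))

def xor_independent(px, py):
    """Exact distribution of X ^ Y when X and Y are independent."""
    out = [0.0] * len(px)
    for (x, p), (y, q) in product(enumerate(px), enumerate(py)):
        out[x ^ y] += p * q
    return out

def xor_joint(joint):
    """Exact distribution of X ^ Y from a joint table joint[x][y]."""
    out = [0.0] * len(joint)
    for x, row in enumerate(joint):
        for y, p in enumerate(row):
            out[x ^ y] += p
    return out

N = 16  # 4-bit symbols; all sources below are constructed toy models
uniform = [1 / N] * N                        # a good source
known = [1.0] + [0.0] * (N - 1)              # fully predictable, but independent
biased = [0.5] + [0.5 / (N - 1)] * (N - 1)   # weak source: emits 0 half the time
# Dependent pair: X is uniform and Y always equals X, so the streams cancel.
mirrored = [[(1 / N if x == y else 0.0) for y in range(N)] for x in range(N)]

def results():
    """Min-entropy of the XOR output for each pairing."""
    return {
        "uniform ^ known": min_entropy(xor_independent(uniform, known)),
        "uniform ^ biased": min_entropy(xor_independent(uniform, biased)),
        "biased ^ biased": min_entropy(xor_independent(biased, biased)),
        "mirrored (Y == X)": min_entropy(xor_joint(mirrored)),
    }

if __name__ == "__main__":
    print(f"{'biased alone':20s} {min_entropy(biased):.3f} bits")
    for name, bits in results().items():
        print(f"{name:20s} {bits:.3f} bits")
```

With independent inputs the output never falls below the stronger input; only the dependent pair collapses to zero bits.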