by asafira 2995 days ago
Genuine question: why would switching out the source of random bits make for that much more complexity? The hardware is more complicated right now for sure --- do you mean to say that the work in checking the hardware doesn't have less obvious exploits (compared to simple Johnson noise measurements) is the tricky bit?

Because hardware and hardware connectivity can fail, and the one thing cryptography needs from the system CSPRNG is not having failure cases. Since past a threshold the quality of the entropy source does not in fact matter, no amount of added complexity, however marginal, has a positive return on investment.