| Don't xor things that are obviously dependent on each other in any way - such as two samples of radio noise - since you risk eliminating a source of entropy. on the other hand, you can only increase entropy by xoring things that are obviously independent, such as a software RNG that doesn't know anything about your radio setup, and obviously your radio setup doesn't depend on your software RNG (but make sure of this - it's imaginable, though unlikely, that your radio setup somehow is actually picking up the low bit from your CPU right as you're doing all this xor'ing.) if you can be guaranteed that sources are independent, you can xor with anything (all zeros if you like, whatever) and it cannot possibly decrease entropy. set up a chain of xor's. why? Because recall: 1) XOR'ing is commutative, so if a good source of entropy is anywhere in the xor list you can rewrite it to be the last element and the value of the expression will be unchanged. 2) a good source of entropy is an OTP, so applying an OTP from a random source as the last step cannot possibly retain any information from previous steps. even if all the other steps add up to "all zeros" a single good source of entropy xor'd anywhere in the expression will make it perfectly random. So, as long as you can be assured they're independent, xor all of the sources you want. If they're not independent, though, be careful. A source of radio entropy is not bad in your 'stack'. But there is no cost to adding half a dozen pseudo RNG's either, the low-bit of the time in milliseconds, and any other source you can think of. as a tip to increase entropy, draw from your RNG continuously, not only when you need the next value. then the exact timing of which output you use will be end up increasing entropy. Again this is true if your sources are independent and nothing can play with this entropy by viewing and selectively massaging the final output. |