What is the most secure seed for random number generation?

Question

What are the most secure sources of entropy to seed a random number generator? This question is language and platform independent and applies to any machine on a network.

Answer 1

OK, assuming that the client needs a strong seed, and you are using cloud computing here is a solution, for some hardware random number generators you can look here:

http://en.wikipedia.org/wiki/Hardware_random_number_generator

So, this assumes that each client has a public/private key pair, where the server knows the public key for each client. To generate a key you can use something similar to what was done with PGP, in the beginning, where you take the difference in time between key strokes as someone types, as that won't be guessable.

So, the client submits a request for a random number. The server uses a hardware generator, encrypts it with the public key, and signs this with the server's private key. The client then can verify where it came from and then decrypt it.

This will ensure that you can generate a random number and pass it back in a secure fashion.

UPDATE:

Your best bet is to look in the Art of Computer Programming or any of the Numerical Methods book, or look at what Bruce Schneier has written, such as these links: http://www.schneier.com/blog/archives/2006/06/random_number_g.html http://www.cryptosys.net/rng_algorithms.html http://www.schneier.com/blog/archives/2006/06/random_number_g.html http://www.schneier.com/blog/archives/2006/06/random_number_g.html Suggestions for Random Number Generation in Software, ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf

You can also look at having Crypto++ do the generation, or at least look at how Wei Dai did it, http://www.cryptopp.com/