Post Syndicated from corbet original https://lwn.net/Articles/961121/

The generation of random (or, at least, unpredictable) numbers is key to
many security technologies. For this reason, the provision of random data
as a CPU feature has drawn a lot of attention over the years. A proper
hardware-based random-number generator can address the problems that make
randomness hard to obtain in some systems, but only if the manufacturer can
be trusted to not have compromised that generator in some way. A recent
discussion has brought to light a different problem, though: what happens
if a hardware random-number generator can be simply driven into exhaustion?