Now you may think your source provides perfect entropy, but it doesn't. The output by your source is determined by external factors. There are many factors as you mentioned but still, if these factors are constant for a period of time then your source may observe some bias or pattern and with that its entropy goes down. If the entropy goes down, then the output is not truly random anymore in an information theoretic sense. (it may still "look random" of course). The only way to bring up the randomness in the output is to either find a new source for entropy or just output less data.
Of course this is not visible when extracting small data sets, but if you want to claim it to be "truly random" then small data sets are not enough. So what real random number generators (not pseudo-random, the comparison with PB's random is of course nonsense) do is they try to measure the amount of entropy that their source provides, and if the caller requests more random data than there is entropy available then they either try to find a new source, or block until they can provide the data.
See also here:
http://en.wikipedia.org/wiki/TRNG#Using_observed_events
Don't mind the talk about attackers, because controlling the output of your source from the outside would indeed be a hard task but look at the way such generators are constructed generally. So yes, a source like yours can be used to produce random data. But the source on its own is not perfect or "truly random" on its own. You have to collect the data it provides and estimate the amount of entropy it provides to be able to know how much random data you can actually produce. Its not a "random indefinite stream of bits" just because the CPU never stops running.
Thats what i was saying initially. Its not as simple as you put it.
Saying a source is "too random" for cryptography is just a joke, sorry.And why is that? It's obvious that using the TSC as a RNG would be a horrible choice, you can't have a unpredictable RNG, that's why crypto uses PRNG's instead to avoid anything resembling patterns (even naturally occurring random patterns).> I'd never advise using RandomBit() as it is for crypto stuff, for that it's far to random, erm, unpredictable.
Sorry, but thats just the joke of the day
Even a temporary pattern could make a key stream weak at a moment and thus allow an attacker to crack the stream or key.
Cryptographic key generation does not use pseudo-random number generators. Key generation uses external sources of entropy as much as possible (such as your source and others), then on top of that input runs a cryptographic save pseudo random number generator or hash function to provide the statistical properties that are needed (such as avoiding all 0's etc). Do you remember the OpenSSL problems in debian a while back ? The reason for all the trouble was that somebody removed the primary source of entropy for the key generation, leaving only the current process id as input. The generated key still "looked random" because of the processing that followed, but in truth the total pool of generated keys was very very small.
I wasn't trying to hurt your feelings. As I said, this may well fit your needs and those of a lot more people around here, but don't claim it to be perfect when it isn't.Just saying "haha your wrong" and not backing it up rubs me the wrong way, as far as I can recall there's never been any beef between us before, so where this is coming from I have no idea.
peace