The Microsoft/VISA Secure Transaction Technology specification [12] recommends the use of human interaction with the computer as the best source of physical-like random information. The encryption program can collect such information by asking the user to type for a while or move the mouse cursor around.
The specification also recommends the use of the following sources for random information, but inform on the highly variable information content (or entropy) the sources give. Quantities that change rapidly generally has high entropy, while slowly varying quantities has low entropy.
All such data should be run through a mixing and compression function, such as MD5 so that correlations from run to run or boot to boot will be destroyed. XOR is not an adequate mixing function, since it allows reversal of the addition of noise.
RFC 1750 [13] recommends using special hardware for random number generation, or the use of digitized versions of real world analog noise sources. Most new UNIX workstations and also personal computers are equipped with sound cards or video grabbing features. If the gain of the input stage (analog to digital converters) in these peripherals are large enough, they will produce essentially thermal noise. The input of the A/D converter should not be connected to a sensor. I.e. no microphone connected, or a camera with the lens cap on could be used.
Data read from such devices also need to be de-skewed, as the distribution of the bits are usually not uniform. This can be accomplished with for example MD5 as above.
Once about 100-200 bits of high quality random bits has been collected, they can be used to seed a good pseudo-random number generator to produce strong sequences of unpredictable quantities.