From Newsgroup: sci.crypt

Byrl Raze Buckbriar <news0@octade.net> wrote:

KEYSTRIKE generates very, very random seeds that are truly random.
KEYSTRIKE uses /dev/urandom and several TRNG mixing techniques

I analyzed your KSRNG code and have concerns about the "true random" claims.

The primary entropy source is /dev/urandom, which is a cryptographically
secure pseudorandom generator, not a true random source. While excellent
for most cryptographic purposes, it cannot be classified as "true random"
since it's algorithmically derived from limited entropy pools.

The keystroke timing additions provide minimal entropy (approximately
1-2 bits per keystroke by most estimates) and the subsequent mixing
operations (shuffling, hashing) are deterministic transformations that
cannot increase the overall entropy beyond the initial /dev/urandom seed.

For context: I work with atmospheric noise capture for one-time pad
generation, and even this physical entropy source only passes ~76% of
Dieharder tests due to the stringent requirements for statistical
randomness.

Your tool may be useful for key stretching or adding modest entropy,
but marketing it as "true random" is misleading to users who require
genuine hardware TRNG security.

- Battosai
--- Synchronet 3.21a-Linux NewsLink 1.2