There's now been reported a way to hack a computer by way of its microphone, so that particular method is out.

> or CPU temperature.

CPU temperature doesn't change enough to serve as a secure source of entropy.

> No need to buy expensive hardware generators.

In fact, there are plenty of projects meant to locate sources of entropy to provide more randomness for computer security purposes. The idea of a hardware source like a reverse-biased diode is just one example.

> Then you can use something like Fortuna ...

Interestingly, the Fortuna scheme relies on system sources of entropy other than its own resources to assure security.

No, it's not. It's in some server in a datacenter. If you can get to the server, you can just change the Poker code, no need to do any crazy microphone hacking. Plus you'd need to know exactly when and how the microphone was sampled.

> CPU temperature doesn't change enough to serve as a secure source of entropy.

Doesn't matter how much it changes, the lowest bits are random on a large enough time scale.

You can just run the sampler until you get enough bits, it will take a few minutes. Or you can run it constantly and add more and more entropy as you go.

> No, it's not.

Excuse me? Here's the source:

http://www.scientificamerican.com/article/computers-can-be-h...

Here's a quote: "Computers Can Be Hacked Using High-Frequency Sound -- A computer's microphone and speakers can covertly send and receive data"

Which word didn't you understand?

>> CPU temperature doesn't change enough to serve as a secure source of entropy.

> Doesn't matter how much it changes, the lowest bits are random on a large enough time scale.

False. Computer temperatures aren't a decent source of entropy, because they're too likely to remain stable for long periods. And the temperature can be predicted on a daily basis, a dangerous property for a secure source. That's why this source isn't used.

Good luck getting that close to a server in a data center.