# IoT Rng Fiasco

<figure><img src="/files/v9rMRhmqQeyOoBTP2zDv" alt=""><figcaption></figcaption></figure>

The article ["You're Doing IoT RNG" by Bishop Fox](https://bishopfox.com/blog/youre-doing-iot-rng) explores the critical issues surrounding the use of random number generators (RNG) in the Internet of Things (IoT) devices. It highlights the common practice of IoT devices relying on hardware RNGs for generating random numbers essential for security functions like encryption keys. However, these RNGs often fail to deliver truly random numbers due to improper implementation and lack of error checking in their usage.

A significant point raised is that most IoT systems rely directly on hardware RNGs without intermediary layers, such as those provided by operating systems in more traditional computing environments. This direct reliance can lead to issues because hardware RNGs might fail due to reasons like low entropy or operational errors, and these failures often go unchecked by developers. The article discusses the non-standard handling of RNGs in IoT compared to more robust methodologies employed in server environments, where cryptographically secure pseudo-random number generators (CSPRNG) are used to ensure the randomness and security of numbers.

The solution proposed involves adopting CSPRNG subsystems within IoT operating systems, which can provide a reliable source of randomness without the quirks associated with direct hardware RNG access. This approach is slowly being adopted in emerging IoT operating systems, which could improve the security posture of IoT devices significantly.&#x20;

The concept of a Decentralized Quantum Random Number (QRN) API, like the one offered by Sp8de, could potentially address many of the issues highlighted in the discussion of IoT RNG weaknesses. By leveraging blockchain technology and decentralized mechanisms, such a system could provide a more reliable and secure source of randomness for IoT devices and other applications.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sp8de-docs.gitbook.io/s-p-8-d-e-or-white-paper/vulnerability-of-decentralized-rngs-to-cyber-attacks/iot-rng-fiasco.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.