
How to generate a REAL random number using an STM32 MCU?

I'm working on a project with an STM32F103E ARM Cortex-M3 MCU in the Keil µVision IDE.
I need to generate random numbers for some purposes, but I don't want to use the pseudo-random numbers that the standard C++ libraries generate, so I need a way to generate REAL random numbers using hardware features, but I don't know how I can do it.
Any ideas? (I'm a software engineer & not an electronics professional, so please describe it simply :P)

Ehsan Khodarahmi asked Feb 10 '13 09:02


2 Answers

This is an old question I just ran across, but I want to answer because I don't find the other answers satisfying.

"I need random numbers for RSA key generation."

This means that a PRNG routine (too often erroneously called RNG, a pet peeve of mine) is UNACCEPTABLE and will not provide the security desired.

An external true RNG is acceptable, but the most elegant answer is to change over to an STM32F2xx or STM32F4xx microcontroller which DOES have a built-in TRUE random number generator, meant precisely for applications such as this. For development I suppose you could use the F1 and any PRNG, but the temptation there would be "it works, let's ship it" before using a true RNG, shipping a faulty product when the RIGHT component (certainly the ST F4, and I think also the F2 chips have been around since before this question was asked) is available.

This answer may be unacceptable for non-technical reasons (the chip was already specified, the OP had no input to the features needed), but whoever chose the chip should have picked it based on what on-chip peripherals and features are needed for the application.

Ben Bradley answered Oct 03 '22 12:10


As pointed out, the chip does not have a hardware RNG.

But you can roll your own. The usual approach is to measure jitter between INDEPENDENT clocks. Independent means that the two clocks are backed by different crystals or RC oscillators and not derived from the same.

I would use:

  • SysTick timer / counter derived from system clock (MHz range)
  • One of the kHz-range RC oscillators

Set up a counter on the kHz-range RC oscillator to give you an interrupt several times a second. In the interrupt handler you read the current value of the SysTick counter. Whether or not SysTick is used for other purposes (scheduling), the lower 5 or so bits are by all means unpredictable.

For getting random numbers out of this, use a normal pseudo RNG. Use the entropy gathered above to unpredictably mutate the internal state of the pseudo RNG. For key generation, don't read all the bits at once but allow for a couple of mutations to happen.

Attacks against this are obvious: If the attacker can measure or control the kHz-range RC oscillator up to MHz precision, the randomness goes away. If you are worried about that, use a smart card or other security co-processor.

edgar.holleis answered Oct 03 '22 13:10
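A sketch of the scheme described in the answer above, as an added example that is not part of the original thread: each slow-clock interrupt mixes the low 5 bits of the SysTick count into a PRNG state, and output is refused until enough fresh samples have mutated that state. The `jitter_rng` names and the `MIN_SAMPLES` value of 8 are assumptions, and xorshift128 only stands in for the "normal pseudo RNG"; it is not a cryptographic generator, so key generation would need a vetted DRBG in its place.

```c
#include <stdint.h>

#define SAMPLE_BITS 5u  /* low SysTick bits kept per sample ("lower 5 or so") */
#define MIN_SAMPLES 8u  /* assumed: fresh samples required before each output */

typedef struct {
    uint32_t state[4];  /* xorshift128 state, a stand-in for a vetted DRBG */
    uint32_t fresh;     /* samples mixed in since the last output */
} jitter_rng;

static uint32_t step(jitter_rng *r)  /* one xorshift128 round */
{
    uint32_t t = r->state[3], s = r->state[0];
    r->state[3] = r->state[2];
    r->state[2] = r->state[1];
    r->state[1] = s;
    t ^= t << 11;
    t ^= t >> 8;
    return r->state[0] = t ^ s ^ (s >> 19);
}

void jitter_rng_init(jitter_rng *r)
{
    /* Fixed constants: the state carries no entropy until samples arrive. */
    r->state[0] = 0x9E3779B9u; r->state[1] = 0x243F6A88u;
    r->state[2] = 0xB7E15162u; r->state[3] = 0x6A09E667u;
    r->fresh = 0;
}

/* Call from the kHz-range RC oscillator interrupt with the current SysTick
 * counter value (SysTick->VAL under CMSIS). */
void jitter_rng_add_sample(jitter_rng *r, uint32_t systick_val)
{
    r->state[0] ^= systick_val & ((1u << SAMPLE_BITS) - 1u);
    if (!(r->state[0] | r->state[1] | r->state[2] | r->state[3]))
        r->state[0] = 1u;            /* xorshift must never hold all zeros */
    (void)step(r);                   /* mutate the state with the new bits */
    r->fresh++;
}

/* Writes one 32-bit word and returns 0, or returns -1 when fewer than
 * MIN_SAMPLES interrupts have mutated the state since the last output. */
int jitter_rng_get(jitter_rng *r, uint32_t *out)
{
    if (r->fresh < MIN_SAMPLES) return -1;
    r->fresh = 0;
    *out = step(r);
    return 0;
}
```

A caller that gets -1 should wait for more interrupts rather than fall back to the unmixed state.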