Several things:

* Using the output to seed MD5 for the next block exposes that part of the state of the RNG. Might be better to use half the MD5 output as seed for the next block, and the other half as output data.
* Your RNG takes input from an attackable source. I can significantly reduce the entropy of your system by placing a transmitter near your machine (even if I didn't know what frequency you were tuned to, I could try to just overload the receiver's front end, or burn it out entirely). If my transmitter and your receiver are very clean, the entropy could go quite low. With a better entropy check, that might just turn into a DoS attack, but even then it might be attackable - it would depend on how well I could manipulate the /dev/dsp output via my transmitter. The present check only requires that some pair of bytes differ by >16 - something that might be relatively easy to cause with a transmitter. Of course, reading 128 bytes buys you a lot of entropy even just from marginal noise, so you may still be okay.

-J
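
An added example, not part of the post above or of the RNG it reviews: a sketch of both suggestions, showing a block that passes the "some pair differs by >16" check while carrying almost no entropy, and an MD5 step that keeps half the digest as the next seed and emits only the other half. The function names, the 128-bit threshold, the 8/8 digest split and the sample buffers are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 128  # bytes read per block, the figure given in the post


def weak_check(buf: bytes) -> bool:
    """Check as the post describes it: some pair of bytes differs by >16."""
    return max(buf) - min(buf) > 16


def min_entropy_bits(buf: bytes) -> float:
    """Crude most-common-value estimate of total min-entropy, in bits.

    Frequency-only, so it is an upper bound: it catches a flat or
    saturated signal but cannot prove the samples are unpredictable.
    """
    p_max = max(Counter(buf).values()) / len(buf)
    return -math.log2(p_max) * len(buf)


def stricter_check(buf: bytes, need_bits: float = 128.0) -> bool:
    """Hypothetical gate: full block and enough estimated min-entropy."""
    return len(buf) == BLOCK and min_entropy_bits(buf) >= need_bits


def next_block(seed: bytes, sample: bytes) -> tuple[bytes, bytes]:
    """Hash seed+sample; keep one half as the next seed, emit the other."""
    digest = hashlib.md5(seed + sample).digest()
    return digest[:8], digest[8:]  # (secret next seed, public output)


# Constructed samples, not captured audio.
JAMMED = bytes([0x80] * 127 + [0xA0])              # flat line plus one spike
NOISY = bytes((i * 37) % 256 for i in range(128))  # 128 distinct values

if __name__ == "__main__":
    for name, buf in (("jammed", JAMMED), ("noisy", NOISY)):
        print(name, weak_check(buf), stricter_check(buf),
              round(min_entropy_bits(buf), 1))
    seed, out = next_block(b"\x00" * 8, NOISY)
    print("output:", out.hex(), "(seed half is never emitted)")
```

Rejecting a block on the stricter gate is the DoS outcome the post mentions: the generator stalls instead of emitting output derived from a signal someone else may control.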