Several things: 

* Using the output to seed MD5 for the next block exposes that part of the
state of the RNG.  Might be better to use half the MD5 output as seed for the
next block, and the other half as output data.

* Your RNG takes input from an attackable source.  I can significantly reduce
the entropy of your system by placing a transmitter near your machine (even if
I didn't know what frequency you were tuned to, I could try to just overload
the receiver's front end, or burn it out entirely).  If my transmitter and
your receiver are very clean, the entropy could go quite low.  With a better
entropy check, that might just turn into a DoS attack, but even then it might
be attackable - it would depend on how well I could manipulate the /dev/dsp
output via my transmitter.  The present check only requires that some pair of
bytes differ by >16 - something that might be relatively easy to cause with a
transmitter.  Of course, reading 128 bytes buys you a lot of entropy even just
from marginal noise, so you may still be okay.

                                -J
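Worked illustration of the two points above (added here; it is not code from this thread or from the RNG under discussion). It assumes an MD5-chained design fed 128-byte blocks read from /dev/dsp, compares the "whole digest is output and next seed" construction with the half-seed/half-output split suggested in the reply, and contrasts the "some pair of bytes differ by more than 16" check with a crude empirical Shannon estimate. The stricter check, the block size and the sample blocks are assumptions made for the demo, not anything the original poster described.

```python
import hashlib
import math

# Added illustration of the two points raised in the reply; not code from the
# thread or from the RNG being discussed.  Block size, chaining scheme and the
# "stronger" check are assumptions made for this demo.

BLOCK_LEN = 128  # the reply mentions reading 128 bytes from /dev/dsp per block


class ExposedStateRng:
    """Design criticised in the reply: the full MD5 digest is emitted as
    output AND fed back as the seed for the next block, so anyone who sees
    one output knows the whole chaining state."""

    def __init__(self):
        self.state = b"\x00" * 16

    def next_block(self, sample: bytes) -> bytes:
        self.state = hashlib.md5(self.state + sample).digest()
        return self.state


class SplitStateRng:
    """The reply's suggestion: half of each digest chains forward (never
    emitted), the other half is the output."""

    def __init__(self):
        self.state = b"\x00" * 8

    def next_block(self, sample: bytes) -> bytes:
        digest = hashlib.md5(self.state + sample).digest()
        self.state, out = digest[:8], digest[8:]
        return out


def attacker_guess(prev_output: bytes, sample: bytes) -> bytes:
    """Attacker model from the reply: the previous output was observed and the
    sample block is known or forced (a clean carrier flattening the receiver),
    so the attacker simply recomputes the hash."""
    return hashlib.md5(prev_output + sample).digest()


def exposed_state_is_predictable(samples) -> bool:
    rng = ExposedStateRng()
    out0 = rng.next_block(samples[0])
    out1 = rng.next_block(samples[1])
    return attacker_guess(out0, samples[1]) == out1


def split_state_hides_chain(samples) -> bool:
    rng = SplitStateRng()
    out0 = rng.next_block(samples[0])
    out1 = rng.next_block(samples[1])
    guess = attacker_guess(out0, samples[1])
    # Neither half of the recomputation matches: the 8 chaining bytes were
    # never exposed, so the observed output does not give the next state.
    return out1 not in (guess[:8], guess[8:])


def weak_entropy_check(block: bytes) -> bool:
    """The check as described in the reply: passes as soon as some pair of
    bytes differ by more than 16, i.e. max - min > 16."""
    return max(block) - min(block) > 16


def shannon_bits_per_byte(block: bytes) -> float:
    n = len(block)
    counts = [block.count(v) for v in set(block)]
    return -sum(c / n * math.log2(c / n) for c in counts)


def stronger_entropy_check(block: bytes, min_bits_per_byte: float = 3.0) -> bool:
    """Illustrative stricter gate (an assumption, not from the thread): a crude
    empirical Shannon estimate over the block.  Not a proof of entropy, but it
    rejects the two-level signal below that the weak check accepts."""
    return shannon_bits_per_byte(block) >= min_bits_per_byte


# Constructed sample blocks (not captured from a real /dev/dsp): a receiver
# driven by a clean transmitter alternating between two levels 20 apart, and
# a block of noise-like bytes derived from a hash.
JAMMED_BLOCK = bytes([100, 120] * (BLOCK_LEN // 2))
NOISE_BLOCK = b"".join(
    hashlib.sha256(b"constructed noise " + bytes([i])).digest()
    for i in range(BLOCK_LEN // 32)
)

if __name__ == "__main__":
    print("weak check passes jammed block:", weak_entropy_check(JAMMED_BLOCK))
    print("stronger check passes jammed block:", stronger_entropy_check(JAMMED_BLOCK))
    print("jammed block bits/byte: %.2f" % shannon_bits_per_byte(JAMMED_BLOCK))
    print("exposed-state RNG predictable:", exposed_state_is_predictable([JAMMED_BLOCK, NOISE_BLOCK]))
    print("split-state RNG hides chain:", split_state_hides_chain([JAMMED_BLOCK, NOISE_BLOCK]))
```

The jammed block passes the max-minus-min gate with only one bit of empirical entropy per byte, which is the failure mode the reply describes; whether a frequency-count estimate is itself good enough is a separate question, since a periodic attacker-chosen pattern can still score well on it.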