True Entropy

What is Quantum Entropy?

The universe has a secret: at the quantum level, nature is genuinely, fundamentally unpredictable. True Entropy harnesses that unpredictability to protect your digital life.

⚡ TOOLS

🛡 SECURITY

The Problem

Why ordinary random numbers are dangerous

Every password, key, and token your devices generate today comes from a mathematical formula — a pseudorandom number generator (PRNG). Given the same starting seed, a PRNG produces the same sequence every time. It is not truly random. It is a pattern.

Attackers who can predict or reconstruct your PRNG seed can predict every key you have ever generated. This is not theoretical — it has broken real-world encryption systems, stolen cryptocurrency, and exposed governments and banks.

Check if your current passwords are already in a breach database →

The Science

Where quantum randomness comes from

Quantum mechanics — the physics of the very small — describes a universe where certain events have no cause. They simply happen, with a probability but never a predetermined outcome. This is not a limitation of our knowledge. It is a fundamental property of reality, confirmed by over a century of experiments.

When a photon (a particle of light) hits a camera sensor, the exact number of electrons released is governed by quantum chance. Frame to frame, pixel to pixel, the variation is real noise — not mathematical noise. No computer, no algorithm, no attacker can predict it.

Types

Types of quantum random number generation

⚡
Photon shot noise (ours)
Camera sensor captures laser light. Quantum uncertainty in photon arrival creates frame-to-frame variation. Simple, cheap, fast.
🔬
Optical vacuum fluctuations
Measures quantum vacuum noise using homodyne detection. Used by ANU QRNG. Requires laboratory optics.
⚛️
Radioactive decay
Detects random decay events from a radioactive source. Used by HotBits. Requires a Geiger counter.
🌊
Bell inequality / entanglement
Uses quantum entanglement to certify randomness. Gold standard. Requires quantum computers or lab setups.
📡
Atmospheric noise
Measures radio noise from lightning strikes. Used by Random.org. Not quantum — classical physical noise.

Our Method

How True Entropy generates your numbers

Laser source

A laser illuminates the camera sensor continuously. High photon flux means high shot noise — more quantum uncertainty per pixel.

Frame differencing

Two consecutive frames are subtracted. Fixed sensor noise cancels out. Only the quantum shot noise remains.

LSB extraction

The least significant bits of each pixel difference carry the most noise — the most quantum randomness per bit.

Von Neumann debias

A mathematical extractor removes any remaining statistical bias. Bit pairs (0,1)→0, (1,0)→1, identical pairs discarded. Output is perfectly balanced.

SHA-256 conditioning

Final whitening pass per NIST SP 800-90B. Ensures uniform distribution across all output values. Industry standard.

Entropy pool

Conditioned entropy is stored in the entropy pool and served on demand. Enable Node Mode to share it with every device on your network.

Your Tools

What each generator does and when to use it

🔑 Password — 48 characters ↗

Generates a 48-character password from a quantum-seeded character set. Why 48? At 256 bits of entropy, this password cannot be brute-forced with any known or foreseeable computing system, including quantum computers. Use for: master passwords, vault keys, account credentials.

⬡ Hex Token — 256-bit ↗

32 raw quantum bytes as hexadecimal. 256 bits is the gold standard for symmetric encryption keys (AES-256). Use for: API keys, session tokens, symmetric encryption keys, seed material for other systems.

🛡 WireGuard Private Key ↗

WireGuard uses Curve25519 — a 32-byte private key. The security of your entire VPN depends on this key being unpredictable. Standard system generators use /dev/urandom, which mixes pseudorandom and real noise. Ours is 100% quantum. Use immediately after generation — do not store.

🔢 Secure PIN — 6 digits ↗

Each digit derived from a separate quantum byte. Standard PINs generated by apps often cluster around certain values due to PRNG bias. A quantum PIN has exactly equal probability for every digit at every position. Use for: hardware wallets, access codes, physical locks.

🪪 UUID v4 ↗

UUID version 4 uses 122 bits of random data. Standard UUID libraries use PRNGs — in high-volume systems, collisions have occurred. A quantum UUID has 2¹²² unique values with no mathematical relationship between them. Use for: database primary keys, distributed system IDs.

📦 Raw Bytes — 16 bytes Base64 ↗

16 raw quantum bytes encoded as Base64. The most flexible format. Use for: salts for password hashing, nonces for authenticated encryption (GCM/ChaCha20), or seeding any cryptographic system that accepts raw entropy.

Node Mode

Using your phone as an entropy node

When Node Mode is active, this device becomes a quantum entropy server for every device on your network — laptops, IoT, smart TVs, routers. Any device can request entropy at http://[phone-ip]:8080/entropy.

Your phone caches a local pool of quantum entropy. If it loses connection to the True Entropy source, it continues serving from its cache — maintaining security even in offline or emergency scenarios.

Run node_forwarder.py via Termux to activate the local entropy server.

Why It Matters

Post-quantum cryptography and the future

NIST has standardised the first post-quantum cryptographic algorithms (FIPS 203, 204, 205 — published 2024). These algorithms are designed to resist attacks from quantum computers. But they still require high-quality classical randomness for key generation.

A world with quantum computers is a world where PRNG-generated keys become increasingly vulnerable. True Entropy prepares you for that world today: hardware that generates real quantum randomness, locally, with no cloud dependency, no data leakage, and no single point of failure.

Harden this device with PQC key material → Check your passwords for breaches → See the verified security tool stack →

Security & OpSec

Quantum entropy is your foundation. These tools and practices build the full defensive stack above it — from device hardening to operational security and threat awareness.

Device Hardening

Scan crypto environment & generate PQC key material

Audits your local cryptographic environment then generates a complete set of quantum-seeded keys — suitable as seed material for ML-KEM, ML-DSA, and all NIST FIPS 203/204/205 post-quantum algorithms.

⚡ Deploy Entropy Client

Harden any device on your network with quantum entropy — no external download required. The client installs on Windows, Linux, or macOS and pulls live quantum entropy from this node, serving it locally at localhost:7777/entropy.

When this node is offline, the client falls back to hardened OS CSPRNG automatically — zero disruption.

Windows

Linux

macOS

1. Download the client below
2. Open a terminal and run:

pip install requests
python te_client.py

Client auto-discovers this node and serves quantum entropy at localhost:7777/entropy

1. Download the client below
2. Run as service (feeds /dev/random):

sudo python3 te_client.py --quiet

Root access enables direct kernel entropy pool injection.

1. Download the client below
2. Run in terminal:

python3 te_client.py

Add to Login Items for auto-start on boot.

⬇ DOWNLOAD ENTROPY CLIENT

Single Python file · No installation · Works on any device with Python 3.8+

Breach Intelligence

Check if your password has been compromised

Uses k-anonymity — only the first 5 characters of your password's SHA-1 hash are sent. Your actual password never leaves this device. Checks against 13 billion+ breached records.

Verified Tools 2026

Security professionals use these

Editorial recommendations only. True Entropy has no affiliation, partnership, or commercial relationship with any listed tool. All are independently chosen, open-source or audited, and free to use.

🔐 Signal — Post-Quantum Messaging

The only mainstream messenger with deployed post-quantum cryptography. SPQR (Sparse Post-Quantum Ratchet) adds ML-KEM to the Signal Protocol, meaning messages are safe against future quantum computers. Signal handles 1B+ messages daily. Free, open-source, audited. signal.org

🕵️ SimpleX Chat — No Identifiers

No phone number. No email. No account. No user ID of any kind. Uses temporary anonymous message queue IDs — the server cannot link any two messages to the same person. Maximum metadata protection. simplex.chat

🌐 Mullvad VPN — Fully Audited

Open-source client. No accounts — pay with cash or Monero. Their new GotaTun WireGuard implementation passed NCC Group audit in January 2026 with zero critical, high, or medium findings. The Android app passed MASA audit in 2025 with no required fixes. mullvad.net

🔑 KeePassDX — Offline Vault

Open-source, fully offline password manager for Android. Your vault is an encrypted file you control — no cloud sync, no server, no account. Pair with quantum-generated master passwords from the Tools tab. Free on F-Droid and Play Store.

🦊 Arkenfox — Hardened Firefox Config

Not an app — a single user.js configuration file that hardens Firefox's privacy and anti-fingerprinting settings, with documented justification for every preference. Drop it into your Firefox profile. Closest to Tor Browser hardening for daily browsing without Tor routing. github.com/arkenfox/user.js

🔥 Portmaster — Application Firewall

Open-source per-application network firewall for Windows and Linux. Shows every connection every application makes in real time. Block applications from phoning home even when on a VPN. safing.io/portmaster

Threat Model

What you are actually defending against

Predictable key generation

Keys generated by a seeded PRNG can be reconstructed by anyone who knows or can guess the seed. This broke real-world VPNs, SSH servers, and TLS certificates. Quantum entropy eliminates this.

Entropy pool starvation

At boot and on low-entropy systems (VMs, IoT, containers), the OS entropy pool may be exhausted. Keys generated during starvation have reduced security. This node supplements the pool continuously.

Side-channel leakage

Power analysis, timing attacks, and electromagnetic emanations can reveal key material from conventional hardware. Quantum key generation happens offline on a photonic source — no side channel.

Network fingerprinting

Your device exposes a unique fingerprint through timing, packet size, and protocol behaviour. Randomising nonces, tokens, and padding with quantum entropy reduces fingerprinting effectiveness.

Post-quantum harvest now, decrypt later

Adversaries collect encrypted data today to decrypt when quantum computers mature. NIST PQC algorithms (ML-KEM, ML-DSA) resist this. All require high-quality classical randomness for key gen.

OpSec Checklist

Operational security fundamentals

🔑
Unique passwords everywhere
Use this app to generate a quantum password for every account. Never reuse. Store in an offline-capable password manager.
🛡
WireGuard over OpenVPN
WireGuard has a 4,000-line codebase vs OpenVPN's 70,000. Smaller attack surface. Use quantum-seeded private keys from the Tools tab.
🔒
Full-disk encryption everywhere
BitLocker (Windows), LUKS (Linux), FileVault (macOS). The encryption key is only as strong as your entropy source during key generation.
📡
DNS over HTTPS / DNS over TLS
Standard DNS leaks every hostname you visit. DoH/DoT encrypts queries. Cloudflare 1.1.1.1 or your own resolver via WireGuard tunnel.
📱
Minimise app permissions
Every app with camera, microphone, or location is a potential surveillance vector. Audit permissions monthly. Revoke anything unused.
🌐
Browser fingerprint isolation
Use separate browser profiles for separate contexts. Firefox with uBlock Origin and resist fingerprinting enabled. Avoid Chrome for sensitive sessions.
📧
E2E encrypted communications
Signal for messaging (Signal Protocol, forward secrecy). ProtonMail or Tutanota for email. Matrix/Element for team communications.
💾
Offline key storage
Master keys, seed phrases, and recovery codes belong on paper or an air-gapped device — not in a cloud-synced password manager field.

Self-Audit

Know your exposure

🔍 Have I Been Pwned

Check if your email or passwords appear in known data breaches. hibp.com — free, trusted, used by governments and enterprises. Run a check quarterly. If breached: rotate that password immediately using the Tools tab to generate a quantum replacement.

🌐 Browser Fingerprint Test

coveryourtracks.eff.org (EFF) — shows exactly how unique your browser is to trackers. browserleaks.com — comprehensive leak test including WebRTC, Canvas, AudioContext, and timezone. Test after any browser configuration change.

🎲 Entropy Quality Test

Use the Verify endpoint (Tools tab → generate → the API runs NIST monobit and runs tests on every chunk). For deeper analysis, the NIST SP 800-22 test suite (github.com/dj-on-github/sp800_22_tests) runs 15 statistical tests on any binary file. Run it on your entropy pool files to verify quantum quality.

📡 Network Exposure

dnsleak.com — verify DNS is not leaking outside your VPN. ipleak.net — checks IP, DNS, WebRTC, and geolocation leaks simultaneously. shodan.io — check your own public IP for exposed services. Run after every network configuration change.

Post-Quantum

Preparing for the quantum threat

NIST finalised its first post-quantum cryptographic standards in 2024: ML-KEM (key exchange), ML-DSA (signatures), and SLH-DSA (hash-based signatures). These replace RSA, ECC, and Diffie-Hellman against quantum adversaries.

All three algorithms require high-quality classical random numbers for key generation. A quantum RNG is not just a nice-to-have — it is the correct foundation for post-quantum key material.

What's already supported (2025-2026):
Signal Protocol — ML-KEM added (PQXDH)
WireGuard — post-quantum extensions in development
OpenSSH 9.0+ — CRYSTALS-Kyber hybrid key exchange
Chrome / Firefox — ML-KEM for TLS 1.3 hybrid
iOS 17.4+ / Android 14+ — post-quantum secure enclave options

Physical OpSec

Hardware-level protection

📷
Camera covers
Physical slide covers for laptop cameras. Cannot be defeated by software. Remove only when camera is in intentional use.
🎤
Microphone blockers
Hardware mic blockers plug into the headphone jack and present a dummy circuit — OS shows mic connected but captures nothing.
🔌
USB data blockers
"USB condoms" — pass power only, block data lines. Essential when charging from unknown USB ports (airports, hotels).
🏷
Device identifiers
MAC addresses, IMEI, serial numbers are all trackable. Use MAC randomisation (built into Android 10+, iOS 14+). Enable it.