Hampus Andersson

Reputation: 63

cryptographic secure random number generator

I am working on an app for Windows Phone and need a 1MB random pool of bytes to use as a key for one-time pad encryption. I plan to first make a byte array and fill it with bytes generated by the built-in RNGCryptoServiceProvider (the app is made in C#), and to use information from sources like the accelerometer, camera, microphone and touch. Then I bitwise XOR this information with each of the pool bits.

Is this a secure approach or is there a better/safer way?

Upvotes: 2

Views: 2124

Answers (1)

tbroberg

Reputation: 635

OK, so we seem to have several comments addressing part 1: is this secure? Now on to question 2: is there a better, safer way?

There are three pieces in this puzzle: Key generation, key distribution, and encryption.

I strongly suggest sticking to tried and true methods of key distribution and encryption, but adding entropy to the key generation from sampled input devices can only help.

The trick there is that you want to accumulate and "whiten" that entropy into the key using a hash function. For example, you could collect data from all the entropy sources you mentioned, hash them with SHA-256 to pack all that entropy into a manageable space and randomize it, then XOR with the RNGCryptoServiceProvider data as you suggested before.

Now the wild entropy you added has made a true RNG out of your PRNG.

As you collect more entropy, hash the original hash with the new data so that the old entropy gets mushed up with the new. This way, you will eventually accumulate a full hash length worth of entropy.

Figuring out how long it takes to reach that state is harder, though.

Upvotes: 2
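The accumulate-and-whiten scheme described in the answer above, as an added C# example that is not part of the original post: each sensor sample is chained into a SHA-256 state, and that state is XORed into a block from RNGCryptoServiceProvider. The class and method names and the sample readings are constructed for illustration, and desktop .NET APIs are assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hash-chained entropy accumulator (hypothetical names).
public sealed class EntropyAccumulator
{
    // Running state; it can hold at most one hash length (32 bytes) of entropy.
    private byte[] _state = new byte[32];

    // Fold a new sample into the state: state = SHA-256(state || sample).
    public void Add(byte[] sample)
    {
        if (sample == null) throw new ArgumentNullException("sample");
        var input = new byte[_state.Length + sample.Length];
        Buffer.BlockCopy(_state, 0, input, 0, _state.Length);
        Buffer.BlockCopy(sample, 0, input, _state.Length, sample.Length);
        using (var sha = SHA256.Create())
            _state = sha.ComputeHash(input);
    }

    // Return one 32-byte block: CSPRNG output XORed with the whitened state.
    // The result is never weaker than the CSPRNG output alone.
    public byte[] NextBlock()
    {
        var block = new byte[_state.Length];
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(block);
        for (int i = 0; i < block.Length; i++)
            block[i] ^= _state[i];
        return block;
    }
}

public static class Demo
{
    public static void Main()
    {
        var acc = new EntropyAccumulator();
        // Constructed stand-ins for raw sensor readings.
        acc.Add(Encoding.UTF8.GetBytes("accel:0.013,-0.982,0.114"));
        acc.Add(Encoding.UTF8.GetBytes("touch:211,874,t=15338211"));
        acc.Add(new byte[] { 0x7f, 0x80, 0x81, 0x7e }); // microphone PCM bytes
        Console.WriteLine(BitConverter.ToString(acc.NextBlock()));
    }
}
```

Because the state is a single SHA-256 digest, this produces one hash-length block per call; it does not by itself stretch the collected entropy across a 1MB pool.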
