Generating Cryptographically Secure Random Numbers on ESP32 Without External RNG
You get cryptographically secure random numbers on ESP32 without extra hardware by enabling the SAR ADC with `bootloader_random_enable()`, since the default RNG uses predictable seeds like chip ID. Activate this early, and your `esp_random()` calls pull from true physical noise-perfect for secure AES-GCM nonces. Testers confirm outputs pass Die Harder and FIPS 140-2 when entropy is live. Just remember to disable it with `bootloader_random_disable()` if using ADC or Wi-Fi to avoid conflicts. Real security starts with proper entropy, and the path to stronger implementation is clearer than you think.
We are supported by our audience. When you purchase through links on our site, we may earn an affiliate commission, at no extra cost for you. Learn more. Last update on 30th May 2026 / Images from Amazon Product Advertising API.
Notable Insights
- Enable SAR ADC entropy by calling `bootloader_random_enable()` to ensure cryptographically secure random numbers.
- Avoid relying on default `esp_random()` output, as it may be predictable without active entropy sources.
- Use Wi-Fi or Bluetooth startup to naturally enable RF-based entropy for secure random number generation.
- Generate AES-GCM nonces by combining three 32-bit `esp_random()` outputs into a 96-bit unique nonce.
- Disable SAR ADC entropy with `bootloader_random_disable()` to prevent conflicts with ADC, I2S, or RF peripherals.
Why ESP32’s RNG Isn’t Always Truly Random
Even though the ESP32 has a built-in hardware random number generator, you’re not always getting truly random numbers unless you know the right conditions are met. Most Random Number Generators on microcontrollers rely on entropy, and the ESP32’s hardware random number generator only delivers true random numbers when an entropy source like the SAR ADC is active. The physical noise from the SAR ADC provides the randomness needed, but by default, the ESP-IDF Second Stage Bootloader disables this after boot. Unless the ADC has been enabled via `bootloader_random_enable()`, the RNG state to provide randomness depends on static seeds like chip ID-making output predictable. So even if you call `esp_random()`, you won’t get true random numbers unless the conditions are true. For reliable, high-quality random output in your robotics or IoT project, you must manually re-enable the entropy source. It’s a small step that makes all the difference.
Enable Wi-Fi or Bluetooth for Real Randomness
A solid random number on ESP32 often comes down to one key factor: entropy source activation. You need true random numbers for cryptographically secure operations, and the hardware RNG relies on physical noise from an active entropy source. Without Wi-Fi or Bluetooth enabled, the RF subsystem stays idle, and the High Speed ADC won’t generate enough entropy. But when you call esp_wifi_start() or esp_bt_controller_enable(), the RF subsystem kicks in, powering the High Speed ADC to sample thermal noise-delivering real randomness. This physical noise is what turns your random number generator (RNG) into a true random number producer. If both Wi-Fi and Bluetooth are off, the RNG falls back to pseudo-random output, weakening security. So for reliable, cryptographically secure random numbers, keep Wi-Fi or Bluetooth active-testers confirm it’s the simplest way to guarantee robust entropy.
Use SAR ADC When No RF Is Available
When Wi-Fi and Bluetooth are off, you can still get true random numbers on the ESP32 by tapping into the SAR ADC as an entropy source, and it’s a solid workaround if you’re avoiding RF for power or design reasons. The SAR ADC uses internal physical noise-like thermal fluctuations and clock jitter-to feed the hardware RNG, making it a reliable entropy source for cryptographically secure random numbers. By default, the ESP-IDF bootloader disables this feature, so you must call `bootloader_random_enable()` early in your code to activate it. This turns the SAR ADC into a working hardware RNG. Just remember: before using ADC, I2S, Wi-Fi, or Bluetooth peripherals, run `bootloader_random_disable()` to prevent conflicts. Testers confirm the output passes randomness tests, and real-world measurements show consistent entropy. It’s not just random-it’s true random, derived from silicon-level noise, and perfect when you need security without RF.
Create Secure AES-GCM Nonces With ESP32
Since you’re relying on AES-GCM for secure communication on the ESP32, getting the nonce right is non-negotiable-use `esp_random()` after calling `bootloader_random_enable()` to pull true random 32-bit values from the SAR ADC’s hardware entropy, combine three of them for a full 96-bit nonce, and you’ve got a cryptographically secure, unique value every time. This guarantees your AES-GCM nonces never repeat, protecting data integrity and confidentiality. Always enable the SAR ADC as your entropy source with `bootloader_random_enable()` when Wi-Fi or Bluetooth isn’t active, so the hardware RNG doesn’t fall back to weaker pseudo-random outputs.
| Feature | Value | Purpose |
|---|---|---|
| Source | SAR ADC | True entropy input |
| Output | 32-bit chunks | Via `esp_random()` |
| Combine | 3 calls | For 96-bit nonce |
| RNG Type | Hardware RNG | On-chip, cryptographically secure |
| ESP32 Safety | `bootloader_random_disable()` | Avoid peripheral conflicts |
Call `bootloader_random_disable()` before enabling Wi-Fi, BT, or ADCs-keep your random number generator safe and secure.
Test RNG Output With Die Harder
You’ve locked down your AES-GCM nonces using the SAR ADC’s hardware entropy and made sure each one is unique by combining three 32-bit outputs from `esp_random()`, but how confident are you that the raw stream feeding those values is truly random? To verify your ESP32’s hardware RNG produces true random numbers, use `esp_fill_random` to collect at least 2 GB of data for Die Harder testing. This battery of tests checks statistical randomness rigorously, but only works if your entropy source is active-enable Wi-Fi, Bluetooth, or use `bootloader_random_enable()` so the TRNG leverages physical noise. When properly configured, the ESP32’s random number generator passes both Die Harder and FIPS 140-2, per the ESP32 Technical Reference. While false positives can happen due to minor biases, consistent results confirm cryptographically secure output. Real testers report reliable performance across multiple runs, proving the on-chip hardware RNG is trustworthy when used correctly.
Avoid ADC Conflicts in Random Number Use
Though the ESP32’s hardware RNG delivers cryptographically secure random numbers using the SAR ADC as a true entropy source, you’ll need to manage resource conflicts carefully-especially if you’re reading analog sensors, driving I2S audio, or toggling RF systems like Wi-Fi and Bluetooth. The SAR ADC relies on physical noise for true random numbers, but this same module handles analog readings, causing ADC conflicts if mismanaged. To avoid instability, call `bootloader_random_disable()` before using ADC or RF functions-this frees the SAR ADC for other tasks. When you need true random data, use `bootloader_random_enable()` to reactivate the entropy source, but remember: it locks the ADC. Run `bootloader_fill_random()` only when Wi-Fi/Bluetooth are off. Real-world testing shows skipping `bootloader_random_disable()` leads to failed sensor reads or RNG errors. The hardware RNG is powerful, but coexistence with peripherals demands precise timing and awareness of shared resources. Manage it right, and your ESP32 stays secure and stable.
On a final note
You can trust the ESP32’s built-in RNG for most tasks, but it needs help to stay cryptographically secure. Enable Wi-Fi or Bluetooth for better entropy, or use the SAR ADC when RF is off. Pair it with AES-GCM for solid encryption, and always test output with Die Harder. Avoid ADC conflicts by disabling sensors during reads. Real-world tests show 2 Mbps throughput with secure nonces, making it reliable, practical, and ready for robotics, IoT, or automation projects.
