I am looking for affordable solutions that generate true random numbers.

I have found LavaRnd, which is a cryptographically sound random number generator. Does anybody has experience in this field and/or knows about other solutions?

PS: IMHO the SO question True random number generator did not really cover this

EDIT:

My curiosity is more of academic nature. I don't want to know about PRNGs that are good enough for practical applications. I know they exist and that they will do.

Of course, generating true random numbers will require hardware devices. That's why I tagged this with hardware.

You didn't specify an environment.

From the documentation for Linux's /dev/random

The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bit of the noise in the entropy pool. From this entropy pool random numbers are created.

So this is a cryptographically secure random source, based on unpredictable input from such things as the arbitrary timings of ethernet packets, keyboard and mouse input, etc.

There's also Bruce Schneier's Yarrow PRNG server. Not truly random, but considered cryptographically secure.

... and also EGD, the Entropy Gathering Daemon. Written in Perl and hence portable across many platforms.

I've always wanted to buy either the PCI or USB Quantum Random Number Generator, but I have no idea what they cost, and frankly it might be a lot! They do deliver a staggering 16 Mibit/s and 4 Mibit/s respectively of random numbers, though, usable on both *NIX boxes and Windows. That's more than I'd ever need!

Other than that, how 'bout a book full of 'em? A Million Random Digits with 100,000 Normal Deviates is perhaps the coolest book they sell on Amazon! I've yet to buy it, but it's only a matter of time. Must be very handy to have such a stock of true random numbers on your book shelve!

Fully addressing the issue is a broad topic.

Hardware random number generators exist. These use thermal noise or even quantum effects (in the fastest models) to generate high quality random numbers.

There are some suspicions that thermal noise random number generation may have "biases". That is to say, that some numbers are generated more frequently than others, in the extreme long term. The numbers generated are still truly random.

To see how this might be, consider an unfair coin which gives heads 60% of the time. Flipping the coin is still a random process -- it is just that we should expect 60% of them to be heads, in the long run. Acting out the random process encodes information, or "entropy", since any definite result is only one of many possible outcomes. On the other hand, a sequence of Heads and Tails generated with an unfair coin will contain less information than the same sequence generated with a fair coin!

The upshot is that for provable, paranoid-level security, you don't want to use a hardware random number generator's numbers directly. You want to feed them into a pool of entropy, which the random (but possibly biased) numbers can churn.

As a matter of fact, most hardware random number generators are designed to feed /dev/random, through the kernel (or the Windows equivalent), to deal with this bias/entropy issue.

On the other hand, any decent random number generator will be uniform enough to do Monte Carlo simulations, fast.

There is an article in c't 2/2009 on true and pseudo random numbers. Other than LavaRnd also RandCam and VIA's PadLock are discussed.

True random numbers in computing does not exist and never will. Computers are deterministic, in that if you repeat the same experience under the same environment, the same result will be achieved.

What you get with computers are pseudo-random numbers, mostly depending on current circumstances: date, time, other variables like memory being used, network traffic at the moment, etc.

For example, some online poker sites, to guarantee to some extent the randomness of their dealt hands, had to install specific hardware that takes the ambient noise and generates random numbers based on that (not only that, but it's a major factor).

So, to have pseudo-random numbers that approximate to true randomness, you'll need to take outside factors into account.