Reply to post: Never Let an Astrophysicist do Cryptography

Big Bang left us with a perfect random number generator

TechyImmigrant

Never Let an Astrophysicist do Cryptography

This article has many misconceptions. It's good that we have cryptographers to do the cryptography and don't leave it to the astrophysicists. My corner of the crypto universe is making RNGs.

The CMB may be entropic, but it is not in any way indistinguishable from uniform. You might expect Gaussian noise with Rayleigh or Rician fading, along with some secondary effects. A secure RNG could use an antenna as a noise source, but the resulting partially entropic data would need to be passed through an entropy extractor first.

FIPS 140-2 is a boundary spec. It says what must go on inside the boundary and provides rules for data crossing the boundary. Entropy input is absolutely allowed. The RNG in a FIPS 140-2 compliant module must be SP800-90A compliant and show it has a good noise source. However, while the gathering of noise must be in the module, the noise itself always comes from the environment, in part from outside of the module boundary.

An antenna is an effective entropy source. Cell phones sometimes use them. However, compared to silicon entropy sources (http://www.deadhat.com/papers/uRNG.pdf) they are large, power hungry and have a horrible attack surface. Pointing an antenna at the sky makes no difference. Any antenna picks up noise, part of which is from the CMB. In this respect, the cell phone antenna is much better - it's smaller, mobile and has cryptographic verification on the data sent over it, so you can know when the amplifier chain is linear and so know when the noise from the modem is not lost through limiting.

I strongly suspect the authors are not fully aware of the requirements for entropy extractors in SP800-90B (currently in draft, but if you're building an RNG now for a FIPS 140-2 context, that's what you're going to be complying with).
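The extractor step the comment above describes, as an added example that is not part of the original comment: simulated Gaussian noise quantized to 8 bits is assessed with a most-common-value min-entropy estimate and then conditioned with SHA-256. The simulated source, the 2x safety factor, the choice of SHA-256 as conditioner and all function names are assumptions made for illustration, and the estimate treats the samples as independent.

```python
import hashlib
import math
import random
from collections import Counter

def sample_noise(n, sigma=20.0, seed=1):
    """Constructed stand-in for an ADC behind an antenna: Gaussian noise, 8-bit samples."""
    rng = random.Random(seed)  # deterministic simulation only, NOT an entropy source
    return bytes(min(255, max(0, round(rng.gauss(128, sigma)))) for _ in range(n))

def min_entropy_per_sample(samples):
    """Most-common-value estimate: -log2 of an upper confidence bound on p_max."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_upper)

def samples_needed(h_min, out_bits=256, safety=2.0):
    """Raw samples to feed the conditioner per output block (safety factor is an assumption)."""
    return math.ceil(safety * out_bits / h_min)

def extract(samples, h_min, out_bits=256, safety=2.0):
    """Hash fixed-size chunks of raw noise; each chunk carries safety*out_bits assessed entropy."""
    need = samples_needed(h_min, out_bits, safety)
    return [hashlib.sha256(samples[i:i + need]).digest()
            for i in range(0, len(samples) - need + 1, need)]

if __name__ == "__main__":
    raw = sample_noise(100_000)
    h = min_entropy_per_sample(raw)
    print(f"assessed min-entropy: {h:.2f} bits per 8-bit sample")
    print(f"raw samples per 256-bit output: {samples_needed(h)}")
    print(f"first output block: {extract(raw, h)[0].hex()}")
```

A uniform 8-bit source would need 64 samples per block at the same safety factor; the Gaussian source needs more because each sample carries fewer than 8 bits of min-entropy.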
