Ledger hardware wallets use the Random Number Generator (RNG) embedded in the Secure Element to generate the confidential recovery phrase (also known as mnemonic seed). This RNG has been evaluated by a third-party laboratory and has obtained the highest level of certification: EAL5+, AIS-31.
The certification methodology includes mathematical proof of randomness and a very large number of tests. The RNG is tested under various conditions of temperature, frequency, voltage, etc. and must pass all the statistical tests. The certification also includes randomness defects and attack detection mechanisms.
Hardware RNGs like the one used in Ledger hardware wallets use several sources of randomness. On top of that, we also implemented standard post-processing retreatment. Clearly, AIS31-certified RNGs are the best RNGs in the world in terms of entropy, unpredictability, and robustness. For more information, please refer to the relevant certification methodology.
Mixing entropy sources
When no good source of entropy is available, designers often mix several different sources hoping that they are not all weak or compromised. The quality of the randomness of such a generator is questionable. It may vary according to the sample considered, the computer used and other external factors (temperature, pression, voltage, etc).