Ravikanth Pappu, Ben Recht, Jason Taylor, Neil Gershenfeld Physical One-Way Functions Science 2002, 297 (5589), 2026-2030, doi: 10.1126/science.1074376
Abstract: Modern cryptographic practice rests on the use of one-way functions, which are easy to evaluate but difficult to invert. Unfortunately, commonly used one-way functions are either based on unproven conjectures or have known vulnerabilities. We show that instead of relying on number theory, the mesoscopic physics of coherent transport through a disordered medium can be used to allocate and authenticate unique identifiers by physically reducing the medium's microstructure to a fixed-length string of binary digits. These physical one-way functions are inexpensive to fabricate, prohibitively difficult to duplicate, admit no compact mathematical representation, and are intrinsically tamper-resistant. We provide an authentication protocol based on the enormous address space that is a principal characteristic of physical one-way functions.
Basically, they create a slab of epoxy with a bunch of glass micro-spheres randomly distributed within it. When you shine light through it, the multiple refractions/scattering events lead to a complicated path for the various light beams, which interfere to generate a complicated light-speckle pattern on the other side. This multiple-scattering process is of course deterministic, but in practice it is so complicated that it is not feasible to reverse-engineer the internal structure of such a material. (In fact, the method exploits coherent scattering, and because the light-detector can only measure the amplitude (and not the phase) of the scattered light, the problem is formally 'ill-posed': there is no way to invert the coherent scattering data to obtain the material structure. Instead such problems can only be approximately solved with iterative processes; this can be made arbitrarily difficult by increasing the number of scattering entities (glass beads in this case)...) This is analogous to mathematical one-way functions: in principle you can crack them, but it takes an infeasible amount of time.
Ultimately the 'randomness' (uniqueness of a slab) comes from the inital preparation of the slab: you're basically 'freezing in' the random Brownian motion of the micro-particles. Thermal noise is a pretty robust source of randomness.
These slabs are neat in the sense that you can use them to generate multiple pads. A different illumination condition (incident angle, or light pattern) generates a new one-time-pad (see the paper for a discussion of 'how different' the illumination condition needs to be in order to yield a uncorrelated/unique one-time-pad), so one idea is for people to carry a single physical token and use it to generate different OTPs for different communications channels they care about.
These schemes are not without their downsides, of course, but it's a neat idea to use a physical structure (rather than mathematical function) to generate pseudo-random numbers. (Thes slabs don't require a battery to maintain their state; one could image secure ways of generating two identical slabs at fabrication time, and then giving them to the two parties; etc.)