There are a few things about /dev/urandom and /dev/random that are repeated again and again. Still they are false. /dev/urandom is insecure. Always use /dev/random for cryptographic purposes. Fact: /dev/urandom is the preferred source of cryptographic randomness on UNIX-like systems. /dev/urandom is a pseudo random number generator, a PRNG, while /dev/random is a “true” random number generator. Fact: Both /dev/urandom and /dev/random are using the exact same CSPRNG (a cryptographically secure pseudorandom number generator). They only differ in very few ways that have nothing to do with “true” randomness. /dev/random is unambiguously the better choice for cryptography. Even if /dev/urandom were comparably secure, there’s no reason to choose the latter. Fact: /dev/random has a very nasty problem: it blocks. But that’s good! /dev/random gives out exactly as much randomness as it has entropy in its pool. /dev/urandom will give you insecure random numbers, even though it has long run out of entropy.…