itsjohncs
commented
10 years ago Since I opened this issue I've read some articles about /dev/urandom, /dev/random, misconceptions between the two, and general security surrounding cryptographically secure random number generators.
I have come to the conclusion that /dev/urandom is fine for our needs and it is beyond unlikely that a user will be able to guess the key we generate. For the hurried reader, I just found a stack overflow post that sums things up pretty nicely (there's lots more interesting information out there though, definitely worth the research).
I'd like to use the fortuna implementation in PyCrypto which is a cryptographically secure PRNG.