Use urandom Use urandom. Use urandom. Use urandom. Use urandom. Use urandom. Use urandom. But what about for crypto keys? Still urandom. Why not {SecureRandom, OpenSSL, havaged, &c}? These are userspace CSPRNGs. You want to use the kernel’s CSPRNG, because: The kernel has access to raw device entropy. It can promise not to share the same state between applications. A good kernel CSPRNG, like FreeB