On platforms without /dev/urandom PBC falls back on a deterministic pseudo-random number generator, except on Windows where it attempts to use the Microsoft Crypto API. Also, /dev/urandom differs from /dev/random, the device of choice for the paranoid. A quote from its manpage:
A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. Knowledge of how to do this is not available in the current non-classified literature, but it is theoretically possible that such an attack may exist. If this is a concern in your application, use /dev/random instead.