Comment 33 for bug 706011

I should have read the blog post you linked to before posting the comment. There are no factual errors in the blog post to my knowledge (I'm no professional cryptographer, just an enthusiast who took a couple formal courses and tinkered a bit), and the argument is compelling.

My previous comment actually looks silly now, since I talk of "good" random data that the post disputes. But I stand my ground that using /dev/urandom for serious business like GPG keys is a bad idea. /dev/random providess a better guarantee than /dev/urandom regarding the randomness of data you extract, and many including me are not happy to give up this guarantee.