Linux: Did I understand /dev/urandom?
Declaration: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use or share it, you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/3690273/
Did I understand /dev/urandom?
Asked by Tower
I have been reading about /dev/urandom, and as far as I can tell, /dev/random creates cryptographically random numbers by taking advantage of several events like network packet timings, etc. However, did I understand right that /dev/urandom uses a PRNG, seeded with a number from /dev/random? Or does it just use /dev/random as long as there are bits -- and when they run out it falls back to some PRNG with a seed gathered from where?
Accepted answer by Lie Ryan
From the urandom manpage:
The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created.
When read, the /dev/random device will only return random bytes within the estimated number of bits of noise in the entropy pool. /dev/random should be suitable for uses that need very high quality randomness such as one-time pad or key generation. When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered.
A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. Knowledge of how to do this is not available in the current unclassified literature, but it is theoretically possible that such an attack may exist. If this is a concern in your application, use /dev/random instead.
Both use a PRNG, though using environmental data and an entropy pool makes it astronomically more difficult to crack the PRNG, and impossible without also gathering the exact same environmental data.
As a rule of thumb, without specialized expensive hardware that gathers data from, say, quantum events, there is no such thing as a true random number generator (i.e. an RNG that generates truly unpredictable numbers); though for cryptographic purposes, /dev/random or /dev/urandom will suffice (the method used is for a CPRNG, cryptographic pseudo-random number generator).
The entropy pool and blocking read of /dev/random are used as a safeguard to ensure the impossibility of predicting the random number; if, for example, an attacker exhausted the entropy pool of a system, it is possible, though highly unlikely with today's technology, that he can predict the output of /dev/urandom which hasn't been reseeded for a long time (though doing that would also require the attacker to exhaust the system's ability to collect more entropy, which is also astronomically improbable).
Answered by Thomas Pornin
Actually what you need in practice is what FreeBSD's /dev/urandom provides: it will read an initial seed of sufficient length from /dev/random, then use a PRNG. Thus, it may block initially (just after system boot) but once it has gathered enough entropy, it never blocks. This provides the level of randomness needed by most cryptographic protocols, while not unduly blocking.
Linux's /dev/urandom is similar except that it will never block, and thus may risk returning low-quality randomness if used just after boot. On the other hand, /dev/random may block even long after boot-time, which is also a problem. I have often seen servers stall mysteriously, because some software was insisting on using /dev/random, and the keyboard-less server was not getting enough entropy.
Usual Linux distributions save at shutdown a random seed obtained from /dev/urandom, and inject it back upon next boot, thus guaranteeing the quality of the random provided by /dev/urandom. Only during OS installation does cryptographic quality become an issue, and usually it is not, because installation involves a number of interactions with the human being who performs the installation, yielding hordes of entropy.
To sum up, under both Linux and FreeBSD, you should use /dev/urandom, not /dev/random.
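The answer above recommends reading from /dev/urandom; as an added example (not code from the answer or from any project), here is a C reader that handles the practical failure modes a defender cares about: a missing or substituted device node, and short or interrupted reads. The function names urandom_fill and all_zero are chosen here.

```c
/* Added example, not from the StackOverflow answers above: read from
 * /dev/urandom robustly. It checks that the path is a character device (in a
 * chroot or container a missing or regular-file /dev/urandom would silently
 * yield non-random bytes), retries on EINTR and handles short reads. */
#define _POSIX_C_SOURCE 200809L       /* for fstat, S_ISCHR, FD_CLOEXEC */
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf[0..len) from device (normally "/dev/urandom").
 * Returns 0 on success, -1 on failure with errno set. */
int urandom_fill(const char *device, unsigned char *buf, size_t len)
{
    int fd = open(device, O_RDONLY);
    if (fd < 0) return -1;
    fcntl(fd, F_SETFD, FD_CLOEXEC);   /* don't leak the fd across exec */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);                    /* a plain file or dir is not the kernel RNG */
        errno = ENODEV;
        return -1;
    }
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (n == 0) {                 /* EOF never happens on the real device */
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Sanity check for callers: 1 if every byte of buf is zero, else 0. */
int all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}
```

A caller that treats any -1 as fatal (rather than falling back to a weaker source) keeps the "use /dev/urandom" advice from degrading silently when the device is absent.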
Answered by zangw
Quoting here
/dev/random will block after the entropy pool is exhausted. It will remain blocked until additional data has been collected from the sources of entropy that are available. This can slow down random data generation.
/dev/urandom will not block. Instead it will reuse the internal pool to produce more pseudo-random bits.
/dev/urandom is best used when:
- You just want a large file with random data for some kind of testing.
- You are using the dd command to wipe data off a disk by replacing it with random data.
- Almost everywhere else where you don't have a really good reason to use /dev/random instead.
/dev/random is likely to be the better choice when:
- Randomness is critical to the security of cryptography in your application – one-time pads, key generation.