Is /dev/random considered truly random?

Question

For instance, could it be used to generate a one-time pad key?
Also, what are its sources and how could it be used to generate a random number between x and

Answer 1

/dev/random will block if there's not enough random data in the entropy pool whereas /dev/urandom will not. Instead, /dev/urandom will fall back to a PRNG (kernel docs). From the same docs:

The random number generator [entropy pool] gathers environmental noise from device drivers and other sources into an entropy pool.

So /dev/random is not algorithmic, like a PRNG, but it may not be "truly random" either. Mouse movements and keystroke timings tend to follow patterns and can be used for exploits but you'll have to weigh the risk against your use case.

To get a random number between x and y using /dev/random, assuming you're happy with a 32-bit integer, you could have a look at the way the Java java.util.Random class does it (nextInt()), substituting in appropriate code to read from /dev/random for the nextBytes() method.