>  Why not use /dev/random, instead of "ensuring you have entropy"
   /dev/random limits the output size to the estimated entropy. So it has
   abysmal performance unless there are high performance entropy sources
   available. After the initial seeding this gains very little security in
   practice.
   /dev/urandom unblocks before it has sufficient entropy on some systems.
   So it's not guaranteed to be secure and sometimes fails in practice.
   What you normally want is a source that blocks after boot until it has
   accumulated enough initial entropy (say 256 bits), and then never
   blocks again.
   It's not like a good PRNG gets weaker as more data is read from it when
   your adversaries are computationally bounded.