Include CPRNGs

[tiran]

Every decent cryptographic library needs proper crypto pseudo random number generators.

Most (all?) Unix-like operation systems have /dev/random and /dev/urandom. /dev/urandom is non-blocking and sufficient for most crypto stuff except for long-living keys (e.g. ssh, TLS and PGP private keys). The API needs some flags to classify entropy of a CPRNG and its blocking state.

OpenSSL has RAND_pseudo_bytes() and RAND_bytes() as documented at http://www.openssl.org/docs/crypto/RAND_bytes.html . We should also consider http://www.openssl.org/docs/crypto/RAND_add.html and EGD, too.

OpenSSL's RAND generator has a twist: it must be reset on fork(). Otherwise parent and child generate the same random values. Postgres suffered from the issue and now calls RAND_cleanup() on fork(). It's an unsolved issue in Python, too. See http://bugs.python.org/issue16500 for my proposal of an atfork module.

[alex]

We now replace OpenSSL's CSPRNG with /dev/urandom. I'm going to send a PR which reccomends users always generate random numbers with os.urandom(), then I think we're done.