Page Comparison

The security mechanisms within the software produced by the project MUST generate all cryptographic keys and nonces using a cryptographically secure random number generator, and MUST NOT do so using generators that are cryptographically insecure.

A cryptographically secure random number generator may be a hardware random number generator (/dev/random), or it may be a cryptographically secure pseudo-random number generator (CSPRNG) using an algorithm such as Hash_DRBG, HMAC_DRBG, CTR_DRBG, Yarrow, or Fortuna. Examples of calls to secure random number generators include Java's java.security.SecureRandom and JavaScript's window.crypto.getRandomValues. Examples of calls to insecure random number generators include Java's java.util.Random and JavaScript's Math.random.

For additional guidance and examples about what kind of specifications to rate a random bit generator (RBG) please review: https://csrc.nist.gov/publications/detail/sp/800-90c/draft 

NIST 800-90C explains putting various pieces together (entropy source and the "pseudo-random number generator" PRNG).

NIST 800-90A references the PRNG algorithms-https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf.

NIST 800-90B references testing requirements for entropy sources-https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf