Consider reading /dev/random instead of using SecureRandom

[samdunne]

SecureRandom uses /dev/urandom which is non blocking (fantastic!), however when the entropy pool becomes small enough it becomes possible to guess the resulting number produced.

Reading /dev/random will be a much more secure way of generating this.

The only possible downside is that /dev/random is blocking

[jimtreadway]

Arguments for just using /dev/urandom instead of /dev/random:

• http://www.2uo.de/myths-about-urandom/
• http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/

[robertomiranda]

@samdunne @jimtreadway really interesting discussion, but since this is a back-port I think that would be better to move the discussion http://github.com/rails/rails, otherwise "The security is in terms of its random generation. See SecureRandom"