I would like some advice on this, arc4random is that bad ?
I don’t think so. It wouldn’t be my first choice for a new system, but I’m not about to panic.
The latest attack, for example, which completely broke TLS, actually only recovers the first 256 bytes of plaintext. arc4random discards way more than the first 256 bytes. In short, TLS was broken not for using rc4, but for failing to use decade old rc4 best practices.
Thanks for the clarification
Hopefully noone uses random(3) for anything needing cryptographically strong random numbers?
Only for yolocrypto ;)