/dev/urandom should be more than good enough. I believe that /dev/random attempts to accumulate true randomness, and /dev/urandom is pseudo-randomness that is seeded from /dev/random. If an attacker doesn't know the seed provided from /dev/random, they should not be able to determine the output of /dev/urandom.