I know little about RNGs -- but wouldn't it be practical to run about 3 RNGs with different algorithms in parallel, and add their results? Surely that would be a lot harder to attack than any one RNG.

Ditto if you start with the RNG output and apply even a simple transformation to it. After all, if you start with a pseudo-random-number and apply to it an isomorphism from the valid number set to itself, you should wind up with something that's still pseudo-random.
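
The bijection idea in the comment above, as an added example (not code from the thread): a toy 16-bit LCG and an invertible transform, both constructed here as assumptions, show that the transformed stream keeps its uniform spread, and that anyone who knows the transform can undo it, so the output stays exactly as predictable as the underlying generator.

```python
# Added illustration. The generator, constants and transform are constructed
# toy values chosen for this example; none of them come from the thread.
M = 1 << 16                    # value set: 16-bit integers
A, C = 25173, 13849            # full-period LCG parameters for modulus 2**16
K, MUL = 0x5A5A, 40503         # transform constants; MUL is odd, so invertible mod M
MUL_INV = pow(MUL, -1, M)      # modular inverse (Python 3.8+)

def step(x):
    """One step of the non-cryptographic toy LCG."""
    return (x * A + C) % M

def lcg_stream(seed, n):
    """Return n successive raw outputs of the toy LCG."""
    out, x = [], seed % M
    for _ in range(n):
        x = step(x)
        out.append(x)
    return out

def transform(x):
    """A bijection from the 16-bit value set onto itself."""
    return ((x ^ K) * MUL) % M

def inverse(y):
    """Undo transform(); needs only the public constants."""
    return ((y * MUL_INV) % M) ^ K

def is_bijection():
    """True if transform() hits every 16-bit value exactly once."""
    return len({transform(x) for x in range(M)}) == M

def predict_next(observed):
    """Given one transformed output, compute the next transformed output."""
    return transform(step(inverse(observed)))

if __name__ == "__main__":
    raw = lcg_stream(1, M)                      # one full period
    masked = [transform(x) for x in raw]
    print("transform is a bijection:", is_bijection())
    print("masked stream still uniform:", sorted(masked) == list(range(M)))
    print("raw stream recoverable:", [inverse(y) for y in masked] == raw)
    print("next output predictable:", predict_next(masked[0]) == masked[1])
```
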
Random numbers don't always need to be cryptographically secure. In situations like games you might just want to use a function with low resource requirements.

If you want a cryptographically secure random generation you should use SecRandomCopyBytes(3) which I think comes from an isolated hardware random number generator and should be tough to monitor through software.

Disclaimer: I'm not sure if what I'm saying is true.