[lucb1e]

I posted some advice in a sibling thread, <https://news.ycombinator.com/item?id=31021503>, that applies here as well:

> Please don't use $RANDOM or $((RANDOM)) or standard `shuf` for password generation. These RNGs are not cryptographically secure. Use input from /dev/urandom instead.

[LeoPanthera]

You can do this with "shuf --random-source=/dev/urandom".

The same with gshuf.

I use an alias to add this switch by default.

[lucb1e]

When using shuf for cryptographic purposes, I'd first check if it advertises as being able to be a secure cryptographic token generator when provided with a secure random source. It might very well use modulo operations, for example.