You keep arguing random strings are “basically” perfect for cryptography. I’d potentially read your research paper for strings if you cited it, but my main question is what technology do you think is perfect? I don’t want to hear about misplacing pseudo-random strings until I know your basis for a perfect technology that never improves from updates.
Edit: also, how many attacks have there been on pseudo-random generators?
There have been basically no practical attacks on the LRNG or on Windows CryptGenRandom and its subsequents over the last 20+ years. People have gone out of their way to build userspace RNGs and blown their toes off, but getrandom/urandom have been rock solid.
I think "don't use Mersenne Twister as your RNG" is a much safer bit of load-bearing advice than "use precisely these safe settings for your JWTs".
I don't think you understand the links you just presented me. Two of them are getrandom man pages from NetBSD, and one of them is a CWE, which documents a broad class of vulnerabilities --- the specific vulnerability here being "not using getrandom".
It's ok if you're totally unfamiliar with this space, but I'd recommend replacing some periods with question marks in your comments.