Glossary

/dev/random

/dev/random and its sibling /dev/urandom are character devices that return random bytes generated by the kernel's cryptographic random number generator. They are the canonical source of entropy for generating keys, passwords, initialisation vectors, nonces, and anything else that must be unpredictable.

head -c 32 /dev/urandom | base64           # 32-byte random token
dd if=/dev/urandom of=/dev/sdb bs=1M       # overwrite the whole of /dev/sdb with noise

Historically, /dev/random blocked when the kernel's entropy estimate was low, while /dev/urandom did not; this led to the infamous "draining the entropy pool" myth. On modern Linux (5.6+), once the CRNG is properly seeded at boot, /dev/urandom and /dev/random produce equally secure output, and /dev/random no longer blocks after that initial seeding. The getrandom(2) system call is now the recommended interface for programs.

Never use /dev/urandom output directly as a cryptographic key without considering length and encoding, and never mistake shell features like $RANDOM (a pseudo-random shell variable) for a source of cryptographic randomness. When in doubt, use a proper tool or library such as openssl rand, gpg --gen-random, or Python's secrets module.
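
The getrandom(2) interface and the length and encoding point above, as an added example in C (not code from the original page): it fills a 256-bit key from the kernel CRNG and hex-encodes it. fill_random and to_hex are hypothetical helper names, and the 32-byte length and hex encoding are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* fill_random: hypothetical helper name, not a libc function.
 * Returns 0 on success, -1 on error (errno as set by getrandom). */
int fill_random(void *buf, size_t len, unsigned int flags)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;      /* interrupted by a signal: retry */
            return -1;         /* EAGAIN under GRND_NONBLOCK: CRNG not yet seeded */
        }
        p += n;                /* requests over 256 bytes may return short */
        len -= (size_t)n;
    }
    return 0;
}

/* Hex-encode len bytes; out must hold 2*len+1 bytes. */
void to_hex(const unsigned char *in, size_t len, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
    out[2 * len] = '\0';
}

int main(void)
{
    unsigned char key[32];     /* 256 bits of key material */
    char hex[sizeof key * 2 + 1];

    /* flags = 0: blocks only until the CRNG has been seeded once at boot */
    if (fill_random(key, sizeof key, 0) != 0) {
        perror("getrandom");
        return 1;
    }
    to_hex(key, sizeof key, hex);
    puts(hex);                 /* 64 hex characters encode the 32 bytes */
    return 0;
}
```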

Related terms: /dev, Device File, /dev/zero

Also defined in: Textbook of Linux