jggimi, I think you're asking "How much worse is /dev/urandom than /dev/random ?" and "How suitable is the output of /dev/urandom for various password usages?" Those are great questions and I am not expert enough to answer them in any depth at all. I would suspect the quality of urandom might vary somewhat depending on the OS, of course, and the appropriateness of its usage would vary greatly with the intended application. For example if you wanted, say, an 8- or 10-digit password to sign up for a short-term use forum somewhere, I'll go on a limb and say /dev/urandom is probably good enough, and better than typing "asdklj3f" or something like that.
For that reason my script supports both devices; it's really up to the user to decide which is best for their needs. It doesn't recommend one or the other for everything. The reason urandom is the default is simply that it doesn't block.
When I used it to generate a WPA PSK "for real", I did use /dev/random, and had to type a lot of keystrokes into a console before it finished -- it seemed worth the trouble in that case.
ADDED: I've also used the same technique to generate random wireless MAC addresses:
Code:
00`hexdump -n5 -e'5/1 ":%02x"' /dev/urandom`
In this case cryptographic strength isn't a real issue and non-blocking of /dev/urandom is very helpful as the command is run in a shell script. (Just another application, nothing to do with randpass.sh.)