diff --git a/README b/README
index 6aa6031b5..2b17df76a 100644
--- a/README
+++ b/README
@@ -10,17 +10,12 @@ Notes
 a) the signer only understands secp256k1 elliptic curve
-b) random generator in rand.c is using stdlib's rand() function.
- you should replace this code with one that uses a hardware random
- generator of your microcontroller in production.
- (see speed-stm32/rand.c for such example)
-
-c) there are executables:
+b) there are executables:
 * test-speed - check signing speed (sign 100x and compute speed from duration)
 * test-verify - generate random messages and private keys - check signature validity against OpenSSL (call verify method)
-d) directory speed-stm32 contains project for deploying the code
+c) directory speed-stm32 contains project for deploying the code
 on STM32 microcontroller and checking signing speed there
diff --git a/rand.c b/rand.c
index 24b990a27..fe6d724ad 100644
--- a/rand.c
+++ b/rand.c
@@ -21,16 +21,18 @@
 * OTHER DEALINGS IN THE SOFTWARE. */
-#include
-#include
-#include
+#include
 #include "rand.h"
+static FILE *f;
+
 void init_rand(void) {
- srand(time(NULL));
+ f = fopen("/dev/urandom", "r");
 }
 uint32_t random32(void) {
- return (rand() & 0xFF) + ((rand() & 0xFF) << 8) + ((rand() & 0xFF) << 16) + ((rand() & 0xFF) << 24);
+ uint32_t r;
+ fread(&r, 1, sizeof(r), f);
+ return r;
 }
diff --git a/rand.h b/rand.h
index 2ee45ed63..2b72bde5e 100644
--- a/rand.h
+++ b/rand.h
@@ -24,6 +24,8 @@
 #ifndef __RAND_H__
 #define __RAND_H__
+#include
+
 void init_rand(void);
 uint32_t random32(void);
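Review bot: In the rand.c hunk, `init_rand()` never checks the result of `fopen()` and `random32()` discards the return value of `fread()`, so when `/dev/urandom` cannot be opened, the read is short, or `random32()` runs before `init_rand()`, the function either hands a NULL stream to `fread()` or returns the uninitialized local `r` as if it were random. The README describes this code as a signer, so this value presumably feeds key or nonce generation and the failure should be fatal rather than silent: `if (f == NULL) abort();` after the `fopen()` call and `if (f == NULL || fread(&r, 1, sizeof(r), f) != sizeof(r)) abort();` in `random32()`, with `<stdlib.h>` included. The stdio stream is also buffered, so more random bytes than requested are read ahead and kept in process memory; `setvbuf(f, NULL, _IONBF, 0);` right after opening avoids that. The README hunk drops the note about replacing rand.c on a microcontroller, yet the new implementation depends on `/dev/urandom`, so a comment above `init_rand()` such as `/* host builds only: targets without /dev/urandom must supply their own rand.c */` would keep that warning visible.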