It uses the "CryptGenRandom" function for Windows; the "arc4random_buf"
function (not based on RC4 but on a modern and cryptographically secure
cipher) for macOS/OpenBSD/NetBSD; the "getrandom" syscall for Linux 3.17
and later; and "/dev/urandom" for other Posix platforms.
It's recommended to combine the output use additional processing generated random numbers
via provided functions for systems where security matters.
Windows "CryptGenRandom" RNG has known security vulnerabilities on
Windows 2000 and Windows XP (assuming the attacker has control of the
machine). Fixed for Windows XP Service Pack 3 and Windows Vista.