
PyCrypto.Random doesn't magically gather sources of entropy that aren't available to the O.S. Ideally, the O.S.'s non-blocking randomness source would be an implementation of Fortuna or some other CSPRNG that will eventually recover from compromised state.

Anyway, use OpenSSL's CSPRNG or the system's cryptographic random number source. The weak link in your system is almost certainly not going to be either of these, and they've received a lot more auditing and review than PyCrypto.

The theoretical weakness in /dev/urandom is that it generally hands out more entropy than it gathers, so if there are other exploitable flaws, eventually all of its state will leak. It's important to note that most implementations of /dev/random suffer from relying on estimates of the entropy present in several inputs. The nice thing about Fortuna is that it has the very nice theoretical property that it will eventually recover from leaked state, without relying on entropy estimates. Entropy estimates are a fiction to help some people sleep at night.
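As an added illustration (not part of the comments above, and not PyCrypto's or any OS's code), here is a toy Fortuna-style accumulator in Python that shows the mechanism the comment is pointing at: a reseed is triggered by the byte count in pool 0, which is a plain count and not an entropy estimate, and pool i is folded into the key only on every 2^i-th reseed, so the slower pools keep accumulating input an attacker would have to have observed in full to keep tracking the state. HMAC-SHA256 stands in for the AES-CTR generator of the real design, and the class name, constants and pool-0 threshold are my own choices; this is for reading, not a production CSPRNG.

```python
import hashlib
import hmac

# Toy Fortuna-style accumulator (illustrative; SHA-256/HMAC replace the
# AES-CTR generator of the real design; constants are assumptions).
NUM_POOLS = 32
MIN_POOL0_BYTES = 64  # reseed when pool 0 holds this many bytes: a byte count, not an entropy estimate


def pools_used(reseed_count):
    """Pools folded into reseed number `reseed_count`: pool i whenever 2**i divides it.

    Pool 0 is used every time, pool 1 every 2nd reseed, pool 2 every 4th, and so on,
    so pool i is only emptied after it has collected 2**i reseed intervals of input.
    """
    return [i for i in range(NUM_POOLS) if reseed_count % (2 ** i) == 0]


class ToyFortuna:
    def __init__(self):
        self.pools = [b"" for _ in range(NUM_POOLS)]
        self.next_pool = {}          # per-source round-robin pointer into the pools
        self.reseed_count = 0
        self.key = bytes(32)         # generator key; worthless until the first reseed
        self.counter = 0
        self.seeded = False

    def add_event(self, source, data):
        """Append an event from `source` to that source's next pool (round-robin)."""
        i = self.next_pool.get(source, 0)
        # Length-prefix the event so adjacent events cannot be re-split by an attacker.
        self.pools[i] += bytes([source & 0xFF, len(data) & 0xFF]) + data
        self.next_pool[source] = (i + 1) % NUM_POOLS
        if len(self.pools[0]) >= MIN_POOL0_BYTES:
            self._reseed()

    def _reseed(self):
        """Fold the pools selected by pools_used() into the key and empty them."""
        self.reseed_count += 1
        h = hashlib.sha256(self.key)
        for i in pools_used(self.reseed_count):
            h.update(hashlib.sha256(self.pools[i]).digest())
            self.pools[i] = b""
        self.key = h.digest()
        self.counter = 0
        self.seeded = True

    def random_bytes(self, n):
        """Generate n bytes, then rekey so earlier output cannot be recomputed later."""
        if not self.seeded:
            raise RuntimeError("generator not yet seeded")
        out = b""
        while len(out) < n + 32:
            self.counter += 1
            out += hmac.new(self.key, self.counter.to_bytes(16, "big"), hashlib.sha256).digest()
        result, self.key = out[:n], out[n:n + 32]
        return result


if __name__ == "__main__":
    # Constructed sample input: one source emitting 32-byte events.
    g = ToyFortuna()
    for k in range(64):
        g.add_event(1, bytes([k]) * 32)
    print("reseeds so far:", g.reseed_count)
    print("pools used at reseed 8:", pools_used(8))
    print("16 random bytes:", g.random_bytes(16).hex())
```

The point the example makes concrete is in `pools_used`: nothing in the design asks how much entropy an event carried. If an attacker sees the key and most of the event stream, the low pools do them no good, but pool i is only consumed after 2^i reseed intervals, so whichever pool first collects enough input the attacker did not see re-randomizes the key at its next scheduled use. A generator relying on entropy estimates instead has to guess that amount correctly up front.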


