How random does random need to be?
rand() can be predictable enough - if for no other reason than the srand() seed is 32-bit, which can be brute forced in seconds. It also has patterns that will emerge after enough calls.
A major requirement of a cryptographic cipher is that any patterns in the input don't reflect on the output. If you can obtain a secure seed and start state, you can forever run AES(key, seed++) to produce a random looking string. A well known and accepted RNG named "Yarrow" is based upon this principle.
Is this cryptographically strong? "It depends", because if that key and seed are compromised once, all subsequent data is. For the majority of purposes, I would say yes.
The "blocking" issue of /dev/random is surely a security issue itself - someone can effectively exhaust the entropy pool then cause your app to hang - a denial of service bug.
So a high strength algorithm might look a bit like this:
1. Pull 2048bit from /dev/urandom
2. Compress that to 256bit with SHA256
3. That value becomes "key"
4. Repeat above process to generate "seed"
5. Let seed = AES(key, seed)
Now every time you desire entropy, use the AES(key, seed++) function. For added security, every x number of calls, regenerate the seed as per step 5.
If you'd really like to make this heavily cryptographically secure:
Run the algorithm twice
Obtain SHA256 of the output
This provides 256 coin tosses
Run this as many times as required
Test the results against expected distribution. Google "chi-square" test.