A good suggestion might be to use arc4random(3) instead of random(3). If the security of your application depends on randomness, you should really pay an expert to help you do it. Randomness is harder than it looks and most likely you will screw it up very badly (a few years ago some online Black Jack lost a lot of money because they "improved" their randomness by adding the current time to it).
//art
