Some RNGs are seeded with "folder data" in this way. Mozilla's NSS, for example, looks at temp directories and mixes that data in as a seed. Using this as the *output* of a PRNG? Nope, not a good idea -- we've got a handful of CSPRNGs that have strong security proofs associated with them. For example, Blum Blum Shub is secure so long as integer factorization is hard. This is the same assumption we make for RSA, for example. Your RNG lacks any such guarantee. Plus, your idea falls down when you say "choose 5 folders at random". How do you do that?