But in any case hardware random number generators are in general unauditable...
Yup, SHA2 of passwords from aaaaa-ZZZZZ will also pass random tests.
Well of course, the whole point of SHA2 and other cryptographic hash functions is that they are designed to have very strong
uniformity guarantees.