One needs a source of random numbers in order to find two random primes
to compose the modulus. If one used a predictable method of generating
the primes, an adversary could mount an attack by trying to recreate
the key generation process.
Random numbers obtained from a physical process are in principle the best.
One could use a hardware device, such as a diode; some are sold
commercially on computer add-in boards for this purpose. Another idea is to
use physical movements of the computer user, such as keystroke timings
measured in microseconds. By whichever method, the random numbers may still
contain some correlations preventing sufficient statistical randomness.
Therefore, it is best to run them through a good hash function (see
Question 3.8.2) before actually using them.
Another approach is to use a pseudorandom number generator fed by a random seed. Since these are deterministic algorithms, it is important to find one that is very unpredictable and also to use a truly random seed. There is a wide literature on the subject of pseudorandom number generators. See Knuth for an introduction. Note that one does not need random numbers to determine the public and private exponents in RSA, after choosing the modulus. One can simply choose an arbitrary value for the public exponent, which then determines the private exponent, or vice versa.