Menu
On the random module python page (Link Here) there is this warning:
Warning: The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.
So whats the difference between os.urandom() and random?
Is one closer to a true random than the other?
Would the secure random be overkill in non-cryptographic instances?
Are there any other random modules in python?
533
urandom on the other hand cannot be seeded and draws its source of entropy from many unpredictable sources, making it more random.
os. urandom() method is used to generate a string of size random bytes suitable for cryptographic use or we can say this method generates a string containing random characters.
Making urandom return predictable results is possible on Linux, but needs root access.
Random numbers and data generated by the random class are not cryptographically protected. An output of all random module functions is not cryptographically secure, whether it is used to create a random number or pick random elements from a sequence.
You can read up on the distinction of cryptographically secure RNG in this fantastic answer over at Crypto.SE.
The main distinction between random and the system RNG like urandom is one of use cases. random implements deterministic PRNGs. There are scenarios where you want exactly those. For instance when you have an algorithm with a random element which you want to test, and you need those tests to be repeatable. In that case you want a deterministic PRNG which you can seed.
urandom on the other hand cannot be seeded and draws its source of entropy from many unpredictable sources, making it more random.
True random is something else yet and you'd need a physical source of randomness like something that measures atomic decay; that is truly random in the physical sense, but usually overkill for most applications.
124
So whats the difference between os.urandom() and random?
Random itself is predicable. That means that given the same seed the sequence of numbers generated by random is the same. Take a look at this question for a better explanation. This question also illustrates than random isn't really random.
This is generally the case for most programming languages - the generation of random numbers is not truly random. You can use these numbers when cryptographic security is not a concern or if you want the same pattern of numbers to be generated.
Is one closer to a true random than the other?
Not sure how to answer this question because truly random numbers cannot be generated. Take a look at this article or this question for more information.
Since random generates a repeatable pattern I would say that os.urandom() is certainly more "random"
Would the secure random be overkill in non-cryptographic instances?
I wrote the following functions and there doesn't appear to be a huge time difference. However, if you don't need cryptographically secure numbers
it doesn't really make sense to use os.urandom(). Again it comes down to the use case, do you want a repeatable pattern, how "random" do you want your numbers, etc?
import time
import os
import random
def generate_random_numbers(x):
start = time.time()
random_numbers = []
for _ in range(x):
random_numbers.append(random.randrange(1,10,1))
end = time.time()
print(end - start)
def generate_secure_randoms(x):
start = time.time()
random_numbers = []
for _ in range(x):
random_numbers.append(os.urandom(1))
end = time.time()
print(end - start)
generate_random_numbers(10000)
generate_secure_randoms(10000)
Results:
0.016040563583374023
0.013456106185913086
Are there any other random modules in python?
Python 3.6 introduces the new secrets module
20
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
