8

I understand that I should use os.urandom() or SystemRandom in Python for 'secure' pseudo-random numbers.

But how does Python generate these random numbers logically?

Also is there a way to generate a number in Python that is 'more random' than others?

BioGeek
  • 21,897
  • 23
  • 83
  • 145
ruben_KAI
  • 325
  • 6
  • 18
  • I've answered a very similar question as this in great detail(It covers both `Random` and `SystemRandom`). **[ANSWER LINK](https://stackoverflow.com/a/57190336/8791363)** – Blastosphere Jul 25 '19 at 03:05

1 Answers1

7

For "secure" random numbers, Python doesn't actually generate them: it gets them from the operating system, which has a special driver that gathers entropy from various real-world sources, such as variations in timing between keystrokes and disk seeks.

Wyzard
  • 33,849
  • 3
  • 67
  • 87
  • How can we be sure that these are truly random events? And would you happen to know what the driver is called? – ruben_KAI Oct 07 '14 at 16:00
  • 1
    It depends on the operating system. For Linux, read about `/dev/random` and `/dev/urandom`. – Wyzard Oct 07 '14 at 16:01
  • Thanks! I'll come back to upvote once I get the rep - lol. What about Windows? – ruben_KAI Oct 07 '14 at 16:07
  • Can you predict exactly the time to the next key press, or which key that will be, or when the next disk seek will happen, or how long it will take - all of these are essentially unpredictable (even with physical access to the machine) so they can be used to generate a random number - so long as they are combined in a way that maintains their key characteristics - that is what things like /dev/random does. – Tony Suffolk 66 Oct 07 '14 at 16:07
  • Well every language has a finger print. And there are patterns in human behavior - so given enough data and computational power - I would hazard a guess and say yes, possibly. – ruben_KAI Oct 07 '14 at 16:08
  • @RubenBaden, so you think you could write a program (given a powerful enough machine) to predict to the nearest micro second - or even more accurately every single one of these events - with 100% accurracy - as that is what you would need to predict the output of /dev/random. – Tony Suffolk 66 Oct 07 '14 at 16:15
  • If you want to get philosophical, there is no such thing as random. Event A happens, which causes event B to happen so forth and so on. With enough computational power one can predict the future. Like in the Matrix when the robots did that and predicted the coming of Neo (6 times).... The computer itself is "simple" enough to predict what random numbers are going to happen next (good luck though lol.) But if human element is involved it would make it next to impossible to predict. – TehTris Oct 07 '14 at 16:22
  • @RubenBaden A single of these event sources might be predictable, but all of them combined yields enough entropy to be practically unprecdictable. In addition to that, newer CPUs have hardware random number generators based on physical noise – although their closed nature splits the security community, as some suspect that the vendor might have been pressured by a three letter agency to backdoor their RNG. This is speculation though. – Jonas Schäfer Oct 07 '14 at 16:31
  • @TonySuffolk66 Could I write that code right now? Is that a rhetorical question (because this is)? Of course not - but i'm saying giving what we know about the physical universe (or at the very least my interpretation of what we know) I think its plausible. – ruben_KAI Oct 07 '14 at 16:48
  • @TehTris I would be weary to state a theory as a fact. Causality is often apparent in nature - but randomness might inherently be in the totality of everything anyway. But **NOW** we are getting into Philosophy. – ruben_KAI Oct 07 '14 at 16:53
  • @JonasWielicki Practically, yes... But hypothetically I would have to disagree. It was merely a thought exercise, but I would like to note that often, things that we think about seem to come into fruition in one way or another. – ruben_KAI Oct 07 '14 at 16:55
  • @JonasWielicki But yes - and the combined entropy of everything, from my understanding, resonates as physical noise. Which would be why we use it as the ultimate source of random information. But if we ever understand the universe well enough to be able to compute and predict physical noise - well then I doubt we would have the need for encryption... lol – ruben_KAI Oct 07 '14 at 16:59
  • Also @JonasWielicki, that was the answer that I was looking for - Python uses a driver, and that driver gathers data from a source that samples physical noise. (Although the source/vendor may been sponsored or influenced heavily by three letter agencies who have an interest in being able to access any information they please, and host it in giant servers in Nevada or some place for analysis.) Hmmmm - makes enough sense to me. Going to have to verify this, well at least the first half without parentheses anyways, lol. – ruben_KAI Oct 07 '14 at 17:07
  • Interesting answer if you supported your statement with an official reference – Billal Begueradj Sep 23 '17 at 07:24
  • 1
    @BillalBEGUERADJ, the [documentation for `os.urandom`](https://docs.python.org/3/library/os.html#os.urandom) explains exactly how it gets random data from the OS, and the [documentation for `SystemRandom`](https://docs.python.org/3/library/random.html#random.SystemRandom) says that it calls `os.urandom`. As for how the OS gets the data, you can read about [how `/dev/random` and `/dev/urandom` work](https://en.wikipedia.org/wiki//dev/random). – Wyzard Sep 23 '17 at 07:38
  • It's interesting, that with a higher value of iterations the distribution of generated numbers is getting normal. I'm actually curious how to get rid of the normal distribution? – Jürgen K. Aug 19 '19 at 13:20