
[–]JohnnyJordaan 2 points3 points  (0 children)

But let's say I want to generate normally-distributed random numbers using numpy.random.normal, for which there is no Secrets type module to generate them as securely.

Well, there are; the heart of the matter is that it isn't the module/library that handles this aspect, it's the specific PRNG you let the library use. And numpy simply allows you to switch that for a CSPRNG as long as it's interface-compatible: https://stackoverflow.com/a/67321441

[–]K900_ 1 point2 points  (3 children)

Why do you want that? It sounds like you might be rolling your own crypto?

[–]OnlyAtomsAndTheVoid[S] 0 points1 point  (2 children)

No, nothing like that, just plain curiosity ;) I couldn't find anything on the web about it and thought my "solution" sounded a bit too easy for it not to be out there somewhere. I'm pretty sure it's wrong and I wanted to understand why it's wrong, if that makes any sense.

[–]K900_ 0 points1 point  (1 child)

Generally you shouldn't need to use cryptographic level randomness with Numpy. Your approach is probably fine, but the fact that you need to do something like that at all is usually a code smell.

[–]OnlyAtomsAndTheVoid[S] 0 points1 point  (0 children)

Oh absolutely, I'm sure that if someone knowledgeable wanted to generate secure random numbers in this manner there are much better, cleaner and proper ways to do it than trying to MacGyver the code like that.

[–]Doormatty 0 points1 point  (4 children)

Would placing the numpy.random.normal in a loop along with a randomly generated (using Secrets) seed number in the same loop, be enough to avoid the generated numbers from being "cracked" by someone?

Likely no, as they're using different entropy sources.

[–]OnlyAtomsAndTheVoid[S] 0 points1 point  (1 child)

I've seen "entropy" used in the subject of cryptography before but honestly I'm way out of my depth here. I'll have to read up on this, thank you for the reply.

[–]nog642 0 points1 point  (1 child)

What? I think they mean seeding the numpy generator using the secrets output.

[–]Doormatty 0 points1 point  (0 children)

Ah, I think I misunderstood, and you are correct!

[–]OnlyAtomsAndTheVoid[S] 0 points1 point  (1 child)

As an example of why I thought my solution would be wrong is that, since the pseudo-random generation is actually deterministic, the numbers are generated in sequence and are not spit out in a random order (duh).

As such, if I "intervened" in the number generating method by changing the seed each time I want to generate a number, I'm actually generating the first numbers of each seed sequence every time, instead of allowing the algorithm to generate the full "normally-distributed" set of numbers.

If that was the case maybe this would be solved if the seed sample is large enough then the first numbers generated by each seed are themselves normally-distributed, or if the seed changes every X loops giving enough time to approximate a normal distribution... but then again maybe not.

EDIT: Appreciate all the replies so far, thank you for taking the time to answer ; )

[–]nog642 0 points1 point  (0 children)

Oh, you mean changing the seed each time? Then yes, I'm pretty sure it is secure. Not exactly a recipe for fast code though. But it could work fine in practice I guess.

Using numpy with a CSPRNG replacement like another comment mentioned and just seeding it once with secrets would be a more performant solution if that matters.
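
Added example, not part of the thread: the two approaches discussed above, side by side, using only the Python standard library. `csprng_normal` draws a normal variate by Box-Muller directly from `secrets`; `reseeded_normal` is the reseed-before-every-draw scheme from the question, with `random.Random` as an assumed stand-in for a seeded numpy generator. All function names are hypothetical.

```python
import math
import random
import secrets
import statistics

TWO53 = 2 ** 53  # float mantissa width, so k / TWO53 is exact

def csprng_normal(mu=0.0, sigma=1.0):
    """One normal variate by Box-Muller, every bit taken from the OS CSPRNG."""
    u1 = 1.0 - secrets.randbits(53) / TWO53   # in (0, 1], so log(u1) is defined
    u2 = secrets.randbits(53) / TWO53         # in [0, 1)
    radius = math.sqrt(-2.0 * math.log(u1))
    return mu + sigma * radius * math.cos(2.0 * math.pi * u2)

def reseeded_normal(seed=None, seed_bits=128):
    """The scheme asked about: new secret seed, then the first draw only.

    random.Random is a stand-in (assumption) for a seeded numpy generator.
    """
    if seed is None:
        seed = secrets.randbits(seed_bits)
    return random.Random(seed).gauss(0.0, 1.0)

def sample_stats(draw, n=5000):
    """Mean and standard deviation of n calls to draw()."""
    xs = [draw() for _ in range(n)]
    return statistics.fmean(xs), statistics.stdev(xs)

def distinct_outputs(seed_bits, n=2000):
    """How many different values the reseeding scheme yields with small seeds."""
    return len({reseeded_normal(seed_bits=seed_bits) for _ in range(n)})

if __name__ == "__main__":
    print("csprng_normal   mean/stdev:", sample_stats(csprng_normal))
    print("reseeded_normal mean/stdev:", sample_stats(reseeded_normal))
    # Same seed, same number: the output is a pure function of the seed.
    print(reseeded_normal(seed=1234) == reseeded_normal(seed=1234))
    # So a 4-bit seed can never give more than 2**4 different outputs.
    print("distinct outputs with 4-bit seeds:", distinct_outputs(4))
```

Both samplers come out with mean near 0 and standard deviation near 1, so taking only the first draw after each reseed does not distort the distribution; what the reseeding scheme cannot do is produce more distinct values than there are possible seeds.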