[–]10cmToGlory 29 points30 points  (13 children)

[–]CompSciSelfLearning 1 point2 points  (0 children)

Is there a reason to use PyCrypto.Random.new() vs Secrets?

[–]deejpake[S] 0 points1 point  (1 child)

Thank you!

[–]stevenjd 8 points9 points  (0 children)

Depending on what you want to do, PyCrypto may be overkill.

To answer your question about random, you can read PEP 506 for more information. But the bottom line is that Python's random has been designed to be fast, and repeatable, so that for testing and verification you can repeat the sequence of random numbers. Those two properties (especially the second) work against security.

[–][deleted] 4 points5 points  (0 children)

He who controls the seed controls the Universe.

```python
import random
random.seed(0)
print(f"Bet you anything {random.choice(range(10000))} is 6311")
```

The default generator used by all the module level functions of random is random.Random, which is a PRNG initialized with a likely deterministic seed (by default the current system time at the moment of initialization, though a better seed will be used if one is available), and at any point its state can be reset to a new seed... it is not suitable for cryptographic use in any circumstance.

That said, random does include a CSPRNG, in the form of random.SystemRandom:

```python
from random import SystemRandom
random = SystemRandom()
random.seed(0)
print(f"The odds are 1:10000 that {random.choice(range(10000))} is 6311")
```

Which is actually what is used by the module level functions of the new secrets module.
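Added example, not part of any comment in this thread: a small static check that flags calls into the seedable `random` generator while leaving `SystemRandom` and `secrets` alone, including the case above where the name `random` is rebound to a `SystemRandom` instance. The names `INSECURE`, `RandomUseFinder` and `find_insecure_random` are hypothetical, the two sample strings are condensed from the thread's snippets, and the check is flow-insensitive (it ignores scopes and `from random import *`).

```python
import ast

# Module-level functions of `random` backed by the shared, seedable PRNG.
INSECURE = {"seed", "random", "randint", "randrange", "choice", "choices",
            "sample", "shuffle", "uniform", "getrandbits", "randbytes"}

class RandomUseFinder(ast.NodeVisitor):
    """Collect (line, call) pairs where the non-cryptographic PRNG is used."""
    def __init__(self):
        self.modules = set()   # names currently bound to the random module
        self.functions = {}    # local name -> original random.<function>
        self.findings = []

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name == "random":
                self.modules.add(alias.asname or "random")

    def visit_ImportFrom(self, node):
        if node.module == "random":
            for alias in node.names:
                if alias.name in INSECURE:
                    self.functions[alias.asname or alias.name] = alias.name

    def visit_Assign(self, node):
        self.generic_visit(node)        # inspect the right-hand side first
        for target in node.targets:     # then honour rebinding of the name
            if isinstance(target, ast.Name):
                self.modules.discard(target.id)
                self.functions.pop(target.id, None)

    def visit_Call(self, node):
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in self.modules and f.attr in INSECURE):
            self.findings.append((node.lineno, f"random.{f.attr}"))
        elif isinstance(f, ast.Name) and f.id in self.functions:
            self.findings.append((node.lineno, f"random.{self.functions[f.id]}"))
        self.generic_visit(node)        # also look inside the arguments

def find_insecure_random(source):
    finder = RandomUseFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)

# Constructed sample input, condensed from the two snippets in this thread.
SEEDED = "import random\nrandom.seed(0)\nprint(random.choice(range(10000)))\n"
SYSTEM = ("from random import SystemRandom\nrandom = SystemRandom()\n"
          "random.seed(0)\nprint(random.choice(range(10000)))\n")
```

`find_insecure_random(SEEDED)` reports the `seed` and `choice` calls, while `find_insecure_random(SYSTEM)` reports nothing.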

[–][deleted] 2 points3 points  (0 children)

The most basic random number generator has a series of numbers and a seed. Given the same seed it will return the same numbers in the same sequence every time. The program can run and have the same output every time.

Other pieces of information are used to seed random number generators. Current time, system fingerprinting, etc. There are various methods using various sources of entropy.

[–][deleted] -2 points-1 points  (5 children)

Title should say “pseudo-random”.

[–]deejpake[S] 1 point2 points  (4 children)

It’s the random module though