FWIW, here is what https://cryptography.io has re: random (/? rng python
cryptography)
```rst
Random number generation
========================
When generating random data for use in cryptographic operations, such as an
initialization vector for encryption in
:class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode, you do not
want to use the standard :mod:`random` module APIs. This is because they do
not
provide a cryptographically secure random number generator, which can
result in
major security issues depending on the algorithms in use.
Therefore, it is our recommendation to `always use your operating system's
provided random number generator`_, which is available as
:func:`os.urandom`.
For example, if you need 16 bytes of random data for an initialization
vector,
you can obtain them with:
.. doctest::
>>> import os
>>> iv = os.urandom(16)
This will use ``/dev/urandom`` on UNIX platforms, and ``CryptGenRandom`` on
Windows.
If you need your random number as an integer (for example, for
:meth:`~cryptography.x509.CertificateBuilder.serial_number`), you can use
``int.from_bytes`` to convert the result of ``os.urandom``:
.. code-block:: pycon
>>> serial = int.from_bytes(os.urandom(20), byteorder="big")
Starting with Python 3.6 the `standard library includes`_ the ``secrets``
module, which can be used for generating cryptographically secure random
numbers, with specific helpers for text-based formats.
.. _`always use your operating system's provided random number generator`:
https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
.. _`standard library includes`:
https://docs.python.org/3/library/secrets.html
```
- https://docs.python.org/3/library/random.html
- https://docs.python.org/3/library/random.html#random.SystemRandom
- https://docs.python.org/3/library/os.html#os.urandom (see below for the
docs)
- https://docs.python.org/3/library/secrets.html
-
https://numpy.org/doc/stable/reference/random/generator.html#simple-random-data
-
https://docs.scipy.org/doc/scipy/reference/tutorial/stats/discrete.html#discrete-distributions-in-scipy-stats
-
https://docs.scipy.org/doc/scipy/reference/tutorial/stats/discrete_randint.html
- https://docs.python.org/3/library/os.html#os.urandom :
```rst
Random numbers
--------------
.. function:: getrandom(size, flags=0)
Get up to *size* random bytes. The function can return less bytes than
requested.
These bytes can be used to seed user-space random number generators or
for
cryptographic purposes.
``getrandom()`` relies on entropy gathered from device drivers and other
sources of environmental noise. Unnecessarily reading large quantities of
data will have a negative impact on other users of the ``/dev/random``
and
``/dev/urandom`` devices.
The flags argument is a bit mask that can contain zero or more of the
following values ORed together: :py:data:`os.GRND_RANDOM` and
:py:data:`GRND_NONBLOCK`.
See also the `Linux getrandom() manual page
<http://man7.org/linux/man-pages/man2/getrandom.2.html>`_.
.. availability:: Linux 3.17 and newer.
.. versionadded:: 3.6
.. function:: urandom(size)
Return a string of *size* random bytes suitable for cryptographic use.
This function returns random bytes from an OS-specific randomness
source. The
returned data should be unpredictable enough for cryptographic
applications,
though its exact quality depends on the OS implementation.
On Linux, if the ``getrandom()`` syscall is available, it is used in
blocking mode: block until the system urandom entropy pool is initialized
(128 bits of entropy are collected by the kernel). See the :pep:`524` for
the rationale. On Linux, the :func:`getrandom` function can be used to
get
random bytes in non-blocking mode (using the :data:`GRND_NONBLOCK` flag)
or
to poll until the system urandom entropy pool is initialized.
On a Unix-like system, random bytes are read from the ``/dev/urandom``
device. If the ``/dev/urandom`` device is not available or not readable,
the
:exc:`NotImplementedError` exception is raised.
On Windows, it will use ``CryptGenRandom()``.
.. seealso::
The :mod:`secrets` module provides higher level functions. For an
easy-to-use interface to the random number generator provided by your
platform, please see :class:`random.SystemRandom`.
.. versionchanged:: 3.6.0
On Linux, ``getrandom()`` is now used in blocking mode to increase the
security.
.. versionchanged:: 3.5.2
On Linux, if the ``getrandom()`` syscall blocks (the urandom entropy
pool
is not initialized yet), fall back on reading ``/dev/urandom``.
.. versionchanged:: 3.5
On Linux 3.17 and newer, the ``getrandom()`` syscall is now used
when available. On OpenBSD 5.6 and newer, the C ``getentropy()``
function is now used. These functions avoid the usage of an internal
file
descriptor.
.. data:: GRND_NONBLOCK
By default, when reading from ``/dev/random``, :func:`getrandom` blocks
if
no random bytes are available, and when reading from ``/dev/urandom``,
it blocks
if the entropy pool has not yet been initialized.
If the :py:data:`GRND_NONBLOCK` flag is set, then :func:`getrandom` does
not
block in these cases, but instead immediately raises
:exc:`BlockingIOError`.
.. versionadded:: 3.6
.. data:: GRND_RANDOM
If this bit is set, then random bytes are drawn from the
``/dev/random`` pool instead of the ``/dev/urandom`` pool.
.. versionadded:: 3.6
```
On Fri, Jul 9, 2021 at 6:04 PM Ethan Furman <et...@stoneleaf.us> wrote:
> On 7/9/21 2:25 PM, Tim Peters wrote:
>
> > `secrets` is just a wrapper around `random.SystemRandom`, so the
> > presence or absence of `secrets` doesn't matter.
> >
> > As to SystemRandom, all answers depend on the quality of the platform
> > os.urandom(), which Python has no control over. See my answer here,
> > and the comments on it:
> >
> > https://stackoverflow.com/questions/20936993/
>
> Good to know, thanks.
>
> --
> ~Ethan~
> _______________________________________________
> Python-Dev mailing list -- python-dev@python.org
> To unsubscribe send an email to python-dev-le...@python.org
> https://mail.python.org/mailman3/lists/python-dev.python.org/
> Message archived at
> https://mail.python.org/archives/list/python-dev@python.org/message/ZGCYXLN6FS3RUHRWH65EDDS5CDMVDBJH/
> Code of Conduct: http://python.org/psf/codeofconduct/
>
_______________________________________________
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at
https://mail.python.org/archives/list/python-dev@python.org/message/J7YOUMIGLZNKP7T7LKWDM3LG2MDNEMZ3/
Code of Conduct: http://python.org/psf/codeofconduct/
