Random numbers and data generated by the random class are not cryptographically secure. An output of all random module function whether it is used to generate a random number or to pick random elements from sequence or population is not cryptographically secure. In this article, I will tell you how to generate a secure random number in Python.
- The article is part of a series Generate Random Data In Python.
- Also, solve our Python random data generation Exercise and Python Random data generation Quiz to master random data generation techniques.
Goals of this lesson. In this lesson, you’ll learn the following ways to cryptographically secure random number generator in Python
- The
os.urandom()method to cryptographically secure the random generator - The
random.SystemRandomclass to generate a cryptographically secure the random data. - Python 3.6’s Secrets module to secure random data
There are no cryptographically secure random numbers, but a random number generator can be cryptographically secure. A cryptographically secure pseudo-random number generator is a random number generator which generates the random number using synchronization methods so that no two processes can obtain the same random number at the same time.
Because of the above properties, it is useful in cryptography application where data security is essential. Most cryptographic applications require secure random numbers and String. For example, key and secrets generation, nonces, OTP, Passwords, and PINs, secure token and URLs.
Let see each option one by one now.
os.urandom() to cryptographically secure the random generator
- The
os.urandom()returns a string of size random bytes suitable for cryptographic use. - This function returns a string.
- This function returns random bytes. random bytes returned by this function depend on the random sources of the OS. Quality of randomness depends on random sources of the OS.randoms sources is different for each operating system
- On Windows, os.urandom() internally uses CryptGenRandom()
- Linux 3.17 and newer, the getrandom() syscall is now used when available. On OpenBSD 5.6 and newer,
the C getentropy() function is now used. - The data returned by os.urandom() is enough for cryptographic applications.
Example
import os
data = os.urandom(5)
print("secure data from os.urandom ", data)Output: Run Online
secure data from os.urandom b'^%0OX'
The os.urandom() generates a string of random bytes. Use struct module to convert bytes into the format you want. example convert it into integer or float.
- The
struct.unpack(format, buffer)method is used to convert bytes into the format you want. - Here format is the format you want – for example,
ifor integer, andffor float. - A buffer is the source of bytes i.e.
os.urandom().
Note: the struct.unpack(format, buffer) returns the result in tuple format.
Let see the example:
import os
import struct
print("Print random integer using os.urandom()")
print(struct.unpack('i', os.urandom(4)))
print(struct.unpack('i', os.urandom(4)))
print("Print unsigned random integer using os.urandom()")
print(struct.unpack('I', os.urandom(4)))
print(struct.unpack('I', os.urandom(4)))
print(struct.unpack('I', os.urandom(4))[0] % 100)
print("Print random short using os.urandom()")
print(struct.unpack('h', os.urandom(2)))
print(struct.unpack('h', os.urandom(2)))
print("Print unsigned random short using os.urandom()")
print(struct.unpack('H', os.urandom(2)))
print(struct.unpack('H', os.urandom(2)))
print("Print random float using os.urandom()")
print(struct.unpack('f', os.urandom(4)))
print(struct.unpack('f', os.urandom(4)))
print("Print un-singed random integer using os.urandom()")
print(struct.unpack('d', os.urandom(8)))
print(struct.unpack('d', os.urandom(8)))
print("Print un-singed random char using os.urandom()")
print(struct.unpack('c', os.urandom(1)))
print(struct.unpack('c', os.urandom(1)))Output: Run Online
Print random integer using os.urandom() (272015785,) (-572856840,) Print unsigned random integer using os.urandom() (1386101687,) (2414992780,) 56 Print random short using os.urandom() (20528,) (-9125,) Print unsigned random short using os.urandom() (14243,) (8838,) Print random float using os.urandom() (13.168272972106934,) (-7600677.0,) Print un-singed random integer using os.urandom() (-4.434840512735927e-120,) (-5.215330708900136e+174,) Print un-singed random char using os.urandom() (b'\xdf',) (b'T',)
Instead of doing the conversion on your own you can also use random.SystemRandom class. random.SystemRandom class internally uses os.urandom() function.
Use random.SystemRandom class to cryptographically secure the random generator
SystemRandom class internally uses the os.urandom() function for generating random numbers from sources provided by the operating system. This class is not available on all systems.
We can get this class from a random module using systemRandom = random.SystemRandom(). Then we can use the systemRandom instance to call the random module functions so we can secure our random data.
The syntax of SystemRandom class
random.SystemRandom([seed])
- The seed() method has no effect and is ignored.
random.SystemRandomreturns the instance of SystemRandom class. Using this class, you can call all the functions of the random module.- The random.getState() and random.setState() function is not available under this class and raise NotImplementedError if called.
random.SystemRandom class examples
Let see how to use random.SystemRandom to generate cryptographically secure random numbers. Let see the example now.
import random
#getting systemRandom instance out of random class
systemRandom = random.SystemRandom()
#SystemRandom.randint()
randomNumber = systemRandom.randint(1,30)
print("Secure random number using SystemRandom class is ", randomNumber)
#SystemRandom.randrange()
randomNumber = systemRandom.randrange(50,100)
print("Secure random number within range using SystemRandom class is ", randomNumber)
#SystemRandom.choice
list = [1,2,3,4,5,6,7,8,9,10]
secure_choice = systemRandom.choice(list)
print ("cryptographically secure random choices using SystemRandom class is ", secure_choice)
#SystemRandom.sample
secure_sample = systemRandom.sample(list, 3)
print ("cryptographically secure random sample using SystemRandom class is ", secure_sample)
#SystemRandom.uniform()
randomfloat = systemRandom.uniform(5.5, 25.5)
print("Secure random float number using SystemRandom class is ", randomfloat)
Output: Run Online
Secure random number using SystemRandom class is 11 Secure random number within range using SystemRandom class is 82 cryptographically secure random choices using SystemRandom class is 2 cryptographically secure random sample using SystemRandom class is [4, 10, 5] Secure random float number using SystemRandom class is 21.401390714704462
As you can see in the above example we secured an output of the following functions of the random module.
random(),randint(),randrange(),choice,sample,uniform.
Note: we called all these functions using the random.SystemRandom class.
Python 3.6’s Secrets module to secure random data
Python 3.6 introduced a new module called secrets for generating a reliable secure random number, URLs, and tokens. For example, use the secrets.randbelow function to generate a secure integer number.
Refer our complete guide on Secrets Module to explore this module in detail.
import secrets
print("Random integer number generated using secrets module is ")
number = secrets.randbelow(30)
print(number)
number = secrets.randbelow(30)
print(number)Output: Run Online
Random integer number generated using secrets module is 27 20
Next Steps
To practice what you learned in this article, I have created a Python random data generation Quiz and Exercise project.
- Solve our Python Random data generation Quiz to test your random data generation concepts.
- Solve the Python Random data generation Exercise to practice and master the random data generation techniques.
Let me know your comments and feedback in the section below.
