[Python-Dev] Confusion about os.urandom()

"Martin v. Löwis" martin at v.loewis.de
Fri Nov 19 21:59:06 CET 2004

Matthias Andreas Benkard wrote:
> At first, I was a bit stunned about the choice of name here. Why would
> anyone call this method urandom()? That confused me a bit, for, AFAICS,
> under Linux at least, /dev/random is the entropy pool and /dev/urandom
> is a PRNG (or rather, a source of random numbers which falls back to a
> PRNG when the entropy pool runs out of numbers).

That is not true. It doesn't first exhaust the pool and then falls back
to PRNG. Instead, it gradually moves to a PRNG, depending on the amount
of entropy in the pool. The values returned are still cryptographically
secure, except in purely theoretical cases (where a lot of entropy is
drawn from random or urandom, and nothing is filled in).

> Now I'm really confused. Does os.urandom() use /dev/urandom under Linux?

Yes, it does.

> That's what help(os.urandom) says:
>     urandom(n) -> str
>     Return a string of n random bytes suitable for cryptographic use.
> So it should be using /dev/random rather than /dev/urandom, shouldn't
> it?

No, it shouldn't. /dev/random may block, which os.urandom() will not.
The name urandom deliberately tells users that there is a theoretical
flaw (which is practically irrelevant). If users cannot stand the
theoretical flaw, they need to use /dev/random (which also has
theoretical flaws that just happen to be even less practically
relevant). In that case
a) they have to accept that reading /dev/random might block
    indefinitely, and
b) their code will become more system-dependent.


More information about the Python-Dev mailing list