[Python-ideas] Python's Source of Randomness and the random.py module Redux

Steven D'Aprano steve at pearwood.info
Thu Sep 10 05:46:08 CEST 2015

On Wed, Sep 09, 2015 at 08:01:16PM -0400, Donald Stufft wrote:
> Looking on google, the first result for "python random password" is
> StackOverflow which suggests:
>     ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(N))
> However, it was later edited to, after that, include:
>     ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(N))

You're worried about attacks on the random number generator that 
produces the characters in the password? I think I'm going to have to 
see an attack before I believe that this is meaningful.

Excluding PRNGs that are hopelessly biased ("nine, nine, nine, nine...") 
or predictable, how does knowing the PRNG help in an attack? Here's a 
password I just generated using your "corrected" version using 


(Honest, that's exactly what I got on my first try.)

Here's one I generated using the "bad" code snippet:


How can you tell them apart, or attack one but not the other based on 
the PRNG?

> So it wasn't obvious to the person who answered that question that the random
> module's module scoped functions were not appropiate for this use. It appears
> that the original answer lasted for roughly 4 years before it was corrected,

Shouldn't it be using a single instance of SystemRandom rather than a 
new instance for each call?

> According to Theo, modern userland CSPRNGs can create random bytes faster than
> memcpy 

That is an astonishing claim, and I'd want to see evidence for it before 
accepting it.


More information about the Python-ideas mailing list