On 11/2/10, Crallion <cralli...@gmail.com> wrote: > In an attempt to generate "true" random numbers, I found this python script- > http://code.google.com/p/truerandom/ > Getting to the point, I get this error when I run my program. > > File "/dev/python/absolute/truerandom.py", line 9, in <module> > from urllib import urlopen > ImportError: cannot import name urlopen > > Is urllib and/or urlopen deprecated in 3.1.2 or is it something I forgot to > do? > Python is running on OSX 10.6, which I upgraded from the default install to > 3.1.2.
The only 'true' source of entropy is a hardware random number generator. For cryptographic work you don't need this. All you need is a seemingly endless unpredictable sequence of bits. For this purpose, a cryptographically secure pseudo random number generator will do nicely. Furthermore, if your intent was for encryption, you shouldn't be getting your entropy over the wire for obvious reasons. (Speed and security.) With your stress on 'true' random numbers, I can only assume your intent is encryption. That said, use the operating system's random number generator. This will vary from system to system in how it is implemented, but all systems have one which is suitable for cryptographic purposes. On *NIX flavors this will be /dev/random. You can either read from this file directly to get a random stream of bits, or use the python standard library to interface with it to do things like get random numbers (as others have pointed out.) Whether reads to this, or calls which use this, will block, waiting for a suitable amount of entropy, depends on the system your code runs on. For example on FreeBSD both '/dev/random' and '/dev/urandom' are always non-blocking. FreeBSD uses a crypto secure 256-bit pseudo random number generator based on yarrow. The same is true for Mac OS X and AIX. On linux '/dev/random' will block if the entropy pool is exhausted, while '/dev/urandom' will not, but is still considered cryptographically secure. (And far better than any home brewed solution.) Also remember, 'pseudo-random' doesn't mean 'almost random,' it means deterministic *if you know the initial state*. (This is only true of some generators though, as some perturb their state with external sources of entropy on a regular basis.) On python you can get random numbers through the operating system's '/dev/urandom' (or on Windows, CryptGenRandom ): # Python example of getting secure, random numbers using the standard library: # This works in python 2.4 and greater on most systems: import random foo = random.SystemRandom() # Uses /dev/urandom or Windows CryptGenRandom # Print 10 random numbers: for i in range(10): foo.random() What are you using the random numbers for? -Modulok- _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor