On 11/2/10, Crallion <cralli...@gmail.com> wrote:
> In an attempt to generate "true" random numbers, I found this python script-
> http://code.google.com/p/truerandom/
> Getting to the point, I get this error when I run my program.
>
> File "/dev/python/absolute/truerandom.py", line 9, in <module>
> from urllib import urlopen
> ImportError: cannot import name urlopen
>
> Is urllib and/or urlopen deprecated in 3.1.2 or is it something I forgot to
> do?
> Python is running on OSX 10.6, which I upgraded from the default install to
> 3.1.2.
The only 'true' source of entropy is a hardware random number
generator. For cryptographic work you don't need this. All you need is
a seemingly endless unpredictable sequence of bits. For this purpose,
a cryptographically secure pseudo random number generator will do
nicely. Furthermore, if your intent was for encryption, you shouldn't
be getting your entropy over the wire for obvious reasons. (Speed and
security.)
With your stress on 'true' random numbers, I can only assume your
intent is encryption. That said, use the operating system's random
number generator. This will vary from system to system in how it is
implemented, but all systems have one which is suitable for
cryptographic purposes. On *NIX flavors this will be /dev/random. You
can either read from this file directly to get a random stream of
bits, or use the python standard library to interface with it to do
things like get random numbers (as others have pointed out.)
Whether reads to this, or calls which use this, will block, waiting
for a suitable amount of entropy, depends on the system your code runs
on. For example on FreeBSD both '/dev/random' and '/dev/urandom' are
always non-blocking. FreeBSD uses a crypto secure 256-bit pseudo
random number generator based on yarrow. The same is true for Mac OS X
and AIX. On linux '/dev/random' will block if the entropy pool is
exhausted, while '/dev/urandom' will not, but is still considered
cryptographically secure. (And far better than any home brewed
solution.)
Also remember, 'pseudo-random' doesn't mean 'almost random,' it means
deterministic *if you know the initial state*. (This is only true of
some generators though, as some perturb their state with external
sources of entropy on a regular basis.) On python you can get random
numbers through the operating system's '/dev/urandom' (or on Windows,
CryptGenRandom ):
# Python example of getting secure, random numbers using the standard library:
# This works in python 2.4 and greater on most systems:
import random
foo = random.SystemRandom() # Uses /dev/urandom or Windows CryptGenRandom
# Print 10 random numbers:
for i in range(10):
foo.random()
What are you using the random numbers for?
-Modulok-
_______________________________________________
Tutor maillist - Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
