How Random Is Random?

Most random data generated with Python is not fully random in the scientific sense of the word. Rather, it is pseudorandom: generated with a pseudorandom number generator (PRNG), which is essentially any algorithm for generating seemingly random but still reproducible data.

“True” random numbers can be generated by, you guessed it, a true random number generator (TRNG). One example is to repeatedly pick up a die off the floor, toss it in the air, and let it land how it may.

PRNGs, usually done with software rather than hardware. They start with a random number, known as the seed, and then use an algorithm to generate a pseudo-random sequence of bits based on it.
You’ve probably seen random.seed(999), random.seed(1234), or the like, in Python. This function call is seeding the underlying random number generator used by Python’s randommodule. It is what makes subsequent calls to generate random numbers deterministic: input A always produces output B. This blessing can also be a curse if it is used maliciously.
If you use the seed value 1234, the subsequent sequence of calls to random() should always be identical:

  1. >>> seed(1234)
  2. >>> [random() for _ in range(10)]
  3. [16, 10, 11, 14, 4, 12, 17, 13, 1, 3]
  5. >>> seed(1234)
  6. >>> [random() for _ in range(10)]
  7. [16, 10, 11, 14, 4, 12, 17, 13, 1, 3]

What Is “Cryptographically Secure?”

CSPRNGs, or cryptographically secure PRNGs, are suitable for generating sensitive data such as passwords, authenticators, and tokens. Given a random string, there is realistically no way for Malicious Joe to determine what string came before or after that string in a sequence of random strings. A key point about CSPRNGs is that they are still pseudorandom. They are engineered in some way that is internally deterministic, but they add some other variable or have some property that makes them “random enough” to prohibit backing into whatever function enforces determinism.

What You’ll Cover Here

In practical terms, this means that you should use plain PRNGs for statistical modeling, simulation, and to make random data reproducible. They’re also significantly faster than CSPRNGs, as you’ll see later on. Use CSPRNGs for security and cryptographic applications where data sensitivity is imperative.

In addition to expanding on the use cases above, in this tutorial, you’ll delve into Python tools for using both PRNGs and CSPRNGs:

  • PRNG options include the random module from Python’s standard library and its array-based NumPy counterpart, numpy.random.
  • Python’s os, secrets, and uuid modules contain functions for generating cryptographically secure objects.

You’ll touch on all of the above and wrap up with a high-level comparison.

PRNGs in Python

The random Module

Probably the most widely known tool for generating random data in Python is its randommodule, which uses the Mersenne Twister PRNG algorithm as its core generator.

Earlier, you touched briefly on random.seed(), and now is a good time to see how it works. First, let’s build some random data without seeding. The random.random() function returns a random float in the interval [0.0, 1.0). The result will always be less than the right-hand endpoint (1.0). This is also known as a semi-open range:

  1. >>>
  2. >>> # Don't call `random.seed()` yet
  3. >>> import random
  4. >>> random.random()
  5. 0.35553263284394376
  6. >>> random.random()
  7. 0.6101992345575074

If you run this code yourself, I’ll bet my life savings that the numbers returned on your machine will be different. The default when you don’t seed the generator is to use your current system time or a “randomness source” from your OS if one is available.
With random.seed(), you can make results reproducible, and the chain of calls after random.seed() will produce the same trail of data:

  1. >>>
  2. >>> random.seed(444)
  3. >>> random.random()
  4. 0.3088946587429545
  5. >>> random.random()
  6. 0.01323751590501987
  8. >>> random.seed(444)  # Re-seed
  9. >>> random.random()
  10. 0.3088946587429545
  11. >>> random.random()
  12. 0.01323751590501987

Notice the repetition of “random” numbers. The sequence of random numbers becomes deterministic, or completely determined by the seed value, 444.

Above, you generated a random float. You can generate a random integer between two endpoints in Python with the random.randint() function. This spans the full [x, y] interval and may include both endpoints:

  1. >>> random.randint(0, 10)
  2. 7
  3. >>> random.randint(500, 50000)
  4. 18601

With random.randrange(), you can exclude the right-hand side of the interval, meaning the generated number always lies within [x, y) and will always be smaller than the right endpoint:

  1. >>> random.randrange(1, 10)
  2. 5

If you need to generate random floats that lie within a specific [x, y] interval, you can use random.uniform(), which plucks from the continuous uniform distribution:

  1. >>> random.uniform(20, 30)
  2. 27.42639687016509
  3. >>> random.uniform(30, 40)
  4. 36.33865802745107

To pick a random element from a non-empty sequence (like a list or a tuple), you can use random.choice(). There is also random.choices() for choosing multiple elements from a sequence with replacement (duplicates are possible):

  1. >>> items = ['one', 'two', 'three', 'four', 'five']
  2. >>> random.choice(items)
  3. 'four'
  5. >>> random.choices(items, k=2)
  6. ['three', 'three']
  7. >>> random.choices(items, k=3)
  8. ['three', 'five', 'four']

To mimic sampling without replacement, use random.sample():

  1. >>> random.sample(items, 4)
  2. ['one', 'five', 'four', 'three']

You can randomize a sequence in-place using random.shuffle(). This will modify the sequence object and randomize the order of elements:

  1. >>> random.shuffle(items)
  2. >>> items
  3. ['four', 'three', 'two', 'one', 'five']

If you’d rather not mutate the original list, you’ll need to make a copy first and then shuffle the copy. You can create copies of Python lists with the copy module, or just x[:] or x.copy(), where x is the list.

Application one: generating a sequence of unique random strings of uniform length.

  1. import string
  3. def unique_strings(k: int, ntokens: int,
  4.                pool: str=string.ascii_letters) -> set:
  5.     """Generate a set of unique string tokens.
  7.     k: Length of each token
  8.     ntokens: Number of tokens
  9.     pool: Iterable of characters to choose from
  11.     For a highly optimized version:
  12.     https://stackoverflow.com/a/48421303/7954504
  13.     """
  15.     seen = set()
  17.     # An optimization for tightly-bound loops:
  18.     # Bind these methods outside of a loop
  19.     join = ''.join
  20.     add = seen.add
  22.     while len(seen) < ntokens:
  23.         token = join(random.choices(pool, k=k))
  24.         add(token)
  25.     return seen

Examples:

  1. >>> unique_strings(k=4, ntokens=5)
  2. {'AsMk', 'Cvmi', 'GIxv', 'HGsZ', 'eurU'}
  4. >>> unique_strings(5, 4, string.printable)
  5. {"'O*1!", '9Ien%', 'W=m7<', 'mUD|z'}

PRNGs for Arrays: numpy.random

One thing you might have noticed is that a majority of the functions from random return a scalar value (a single int, float, or other object). If you wanted to generate a sequence of random numbers, one way to achieve that would be with a Python list comprehension:

  1. >>> [random.random() for _ in range(5)]
  2. [0.021655420657909374,
  3.  0.4031628347066195,
  4.  0.6609991871223335,
  5.  0.5854998250783767,
  6.  0.42886606317322706]

But there is another option that is specifically designed for this. You can think of NumPy’s own numpy.random package as being like the standard library’s random, but for NumPy arrays. (It also comes loaded with the ability to draw from a lot more statistical distributions.)

Take note that numpy.random uses its own PRNG that is separate from plain old random. You won’t produce deterministically random NumPy arrays with a call to Python’s own random.seed():

  1. >>> import numpy as np
  2. >>> np.random.seed(444)
  3. >>> np.set_printoptions(precision=2)  # Output decimal fmt.

Without further ado, here are a few examples to whet your appetite:

  1. >>> # Return samples from the standard normal distribution
  2. >>> np.random.randn(5)
  3. array([ 0.36,  0.38,  1.38,  1.18, -0.94])
  5. >>> np.random.randn(3, 4)
  6. array([[-1.14, -0.54, -0.55,  0.21],
  7.        [ 0.21,  1.27, -0.81, -3.3 ],
  8.        [-0.81, -0.36, -0.88,  0.15]])
  10. >>> # `p` is the probability of choosing each element
  11. >>> np.random.choice([0, 1], p=[0.6, 0.4], size=(5, 4))
  12. array([[0, 0, 1, 0],
  13.        [0, 1, 1, 1],
  14.        [1, 1, 1, 0],
  15.        [0, 0, 0, 1],
  16.        [0, 1, 0, 1]])

In the syntax for randn(d0, d1, ..., dn), the parameters d0, d1, ..., dn are optional and indicate the shape of the final object. Here, np.random.randn(3, 4) creates a 2d array with 3 rows and 4 columns. The data will be i.i.d., meaning that each data point is drawn independent of the others.

Another common operation is to create a sequence of random Boolean values, True or False. One way to do this would be with np.random.choice([True, False]). However, it’s actually about 4x faster to choose from (0, 1) and then view-cast these integers to their corresponding Boolean values:

  1. >>> # NumPy's `randint` is [inclusive, exclusive), unlike `random.randint()`
  2. >>> np.random.randint(0, 2, size=25, dtype=np.uint8).view(bool)
  3. array([ True, False,  True,  True, False,  True, False, False, False,
  4.        False, False,  True,  True, False, False, False,  True, False,
  5.         True, False,  True,  True,  True, False,  True])

What about generating correlated data? Let’s say you want to simulate two correlated time series. One way of going about this is with NumPy’s multivariate_normal() function, which takes a covariance matrix into account. In other words, to draw from a single normally distributed random variable, you need to specify its mean and variance (or standard deviation).

To sample from the multivariate normal distribution, you specify the means and covariance matrix, and you end up with multiple, correlated series of data that are each approximately normally distributed. However, rather than covariance, correlation is a measure that is more familiar and intuitive to most. It’s the covariance normalized by the product of standard deviations, and so you can also define covariance in terms of correlation and standard deviation:
Generating Random Data in Python - 图1
So, could you draw random samples from a multivariate normal distribution by specifying a correlation matrix and standard deviations? Yes, but you’ll need to get the above into matrix form first. Here, S is a vector of the standard deviations, P is their correlation matrix, and C is the resulting (square) covariance matrix:
Generating Random Data in Python - 图2

This can be expressed in NumPy as follows:

  1. def corr2cov(p: np.ndarray, s: np.ndarray) -> np.ndarray:
  2.     """Covariance matrix from correlation & standard deviations"""
  3.     d = np.diag(s)
  4.     return d @ p @ d

Now, you can generate two time series that are correlated but still random:

  1. >>> # Start with a correlation matrix and standard deviations.
  2. >>> # -0.40 is the correlation between A and B, and the correlation
  3. >>> # of a variable with itself is 1.0.
  4. >>> corr = np.array([[1., -0.40],
  5. ...                  [-0.40, 1.]])
  7. >>> # Standard deviations/means of A and B, respectively
  8. >>> stdev = np.array([6., 1.])
  9. >>> mean = np.array([2., 0.5])
  10. >>> cov = corr2cov(corr, stdev)
  12. >>> # `size` is the length of time series for 2d data
  13. >>> # (500 months, days, and so on).
  14. >>> data = np.random.multivariate_normal(mean=mean, cov=cov, size=500)
  15. >>> data[:10]
  16. array([[ 0.58,  1.87],
  17.        [-7.31,  0.74],
  18.        [-6.24,  0.33],
  19.        [-0.77,  1.19],
  20.        [ 1.71,  0.7 ],
  21.        [-3.33,  1.57],
  22.        [-1.13,  1.23],
  23.        [-6.58,  1.81],
  24.        [-0.82, -0.34],
  25.        [-2.32,  1.1 ]])
  26. >>> data.shape
  27. (500, 2)

You can think of data as 500 pairs of inversely correlated data points. Here’s a sanity check that you can back into the original inputs, which approximate corr, stdev, and mean from above:

  1. >>> np.corrcoef(data, rowvar=False)
  2. array([[ 1.  , -0.39],
  3.        [-0.39,  1.  ]])
  5. >>> data.std(axis=0)
  6. array([5.96, 1.01])
  8. >>> data.mean(axis=0)
  9. array([2.13, 0.49])

Before we move on to CSPRNGs, it might be helpful to summarize some random functions and their numpy.random counterparts:

Python random Module NumPy Counterpart Desc
random() rand() Random float in [0.0, 1.0)
randint(a, b) random_integers() Random integer in [a, b]
randrange(a, b[, step]) randint() Random integer in [a, b)
uniform(a, b) uniform() Random float in [a, b]
choice(seq) choice() Random element from seq
choices(seq, k=1) choice() Random k elements from seqwith replacement
sample(population, k) choice() with replace=False Random k elements from seqwithout replacement
shuffle(x[, random]) shuffle() Shuffle the sequence x in place
normalvariate(mu, sigma)or gauss(mu, sigma) normal() Sample from a normal distribution with mean mu and standard deviation sigma

Note: NumPy is specialized for building and manipulating large, multidimensional arrays. If you just need a single value, random will suffice and will probably be faster as well. For small sequences, random may even be faster too, because NumPy does come with some overhead.

CSPRNGs in Python

os.urandom(): About as Random as It Gets

Python’s os.urandom() function is used by both secrets and uuid (both of which you’ll see here in a moment). Without getting into too much detail, os.urandom() generates operating-system-dependent random bytes that can safely be called cryptographically secure:

  • On Unix operating systems, it reads random bytes from the special file /dev/urandom, which in turn “allow access to environmental noise collected from device drivers and other sources.” (Thank you, Wikipedia.) This is garbled information that is particular to your hardware and system state at an instance in time but at the same time sufficiently random.
  • On Windows, the C++ function CryptGenRandom().aspx) is used. This function is still technically pseudorandom, but it works by generating a seed value from variables such as the process ID, memory status, and so on.

With os.urandom(), there is no concept of manually seeding. While still technically pseudorandom, this function better aligns with how we think of randomness. The only argument is the number of bytes to return:

  1. >>> os.urandom(3)
  2. b'\xa2\xe8\x02'
  4. >>> x = os.urandom(6)
  5. >>> x
  6. b'\xce\x11\xe7"!\x84'
  8. >>> type(x), len(x)
  9. (bytes, 6)

Python’s Best Kept secrets

Introduced in Python 3.6 by one of the more colorful PEPs out there, the secrets module is intended to be the de facto Python module for generating cryptographically secure random bytes and strings.

You can check out the source code for the module, which is short and sweet at about 25 lines of code. secrets is basically a wrapper around os.urandom(). It exports just a handful of functions for generating random numbers, bytes, and strings. Most of these examples should be fairly self-explanatory:

  1. >>> n = 16
  3. >>> # Generate secure tokens
  4. >>> secrets.token_bytes(n)
  5. b'A\x8cz\xe1o\xf9!;\x8b\xf2\x80pJ\x8b\xd4\xd3'
  6. >>> secrets.token_hex(n)
  7. '9cb190491e01230ec4239cae643f286f'  
  8. >>> secrets.token_urlsafe(n)
  9. 'MJoi7CknFu3YN41m88SEgQ'
  11. >>> # Secure version of `random.choice()`
  12. >>> secrets.choice('rain')
  13. 'a'

One Last Candidate: uuid

One last option for generating a random token is the uuid4() function from Python’s uuidmodule. A UUID is a Universally Unique IDentifier, a 128-bit sequence (str of length 32) designed to “guarantee uniqueness across space and time.” uuid4() is one of the module’s most useful functions, and this function also uses os.urandom():

  1. >>> import uuid
  3. >>> uuid.uuid4()
  4. UUID('3e3ef28d-3ff0-4933-9bba-e5ee91ce0e7b')
  5. >>> uuid.uuid4()
  6. UUID('2e115fcb-5761-4fa1-8287-19f4ee2877ac')

The nice thing is that all of uuid’s functions produce an instance of the UUID class, which encapsulates the ID and has properties like .int, .bytes, and .hex:

  1. >>> tok = uuid.uuid4()
  2. >>> tok.bytes
  3. b'.\xb7\x80\xfd\xbfIG\xb3\xae\x1d\xe3\x97\xee\xc5\xd5\x81'
  5. >>> len(tok.bytes)
  6. 16
  7. >>> len(tok.bytes) * 8  # In bits
  8. 128
  10. >>> tok.hex
  11. '2eb780fdbf4947b3ae1de397eec5d581'
  12. >>> tok.int
  13. 62097294383572614195530565389543396737

You may also have seen some other variations: uuid1(), uuid3(), and uuid5(). The key difference between these and uuid4() is that those three functions all take some form of input and therefore don’t meet the definition of “random” to the extent that a Version 4 UUID does:

  • uuid1() uses your machine’s host ID and current time by default. Because of the reliance on current time down to nanosecond resolution, this version is where UUID derives the claim “guaranteed uniqueness across time.”
  • uuid3() and uuid5() both take a namespace identifier and a name. The former uses an MD5 hash and the latter uses SHA-1.

uuid4(), conversely, is entirely pseudorandom (or random). It consists of getting 16 bytes via os.urandom(), converting this to a big-endian integer, and doing a number of bitwise operations to comply with the formal specification.

One common use of uuid is in Django, which has a UUIDField that is often used as a primary key in a model’s underlying relational database.

Recap

You’ve covered a lot of ground in this tutorial. To recap, here is a high-level comparison of the options available to you for engineering randomness in Python:

Package/Module Description Cryptographically Secure
random Fasty & easy random data using Mersenne Twister No
numpy.random Like random but for (possibly multidimensional) arrays No
os Contains urandom(), the base of other functions covered here Yes
secrets Designed to be Python’s de facto module for generating secure random numbers, bytes, and strings Yes
uuid Home to a handful of functions for building 128-bit identifiers Yes, uuid4()

References:

  1. Generating Random Data in Python (Guide)