I don't know, but the documentation on it says that it produces cryptographically secure random numbers. And I believe that it actually is based on the actual system call, since it is imported from the winnt module or something like that. Anyway, I don't use Window$ anymore, so it so no concern of mine./dev/random and/dev/urandom are good for me.
By the way, according to the man page,/dev/urandom has never been shown not to be cryptographically secure, though it theoretically could be.
I remember about a year ago, I did fifteen or so different statistical tests on the random numbers generated by the Windows urandom system call in Python. It turns out that the numbers are not cryptographically secure, and most of the results of the statistical tests were p less than 0.0001 or p greater than 0.9999. That is, very high correlation between "random" numbers. You want something 0.01 less than p less than 0.99 for something even moderately secure.
Slashdot Mirror
Charge for support or for some other service.
I looked at the os.py source file, and urandom() is probably really nt.urandom() since, if windows, does:
from nt import *
from ntpath import *
and I doubt that it is in ntpath
Oh, I was talking about the documentation of the urandom() function in Python.
import os
help(os.urandom)
I can't swear to it, though, since I haven't used windows for such things in a very long time.
I don't know, but the documentation on it says that it produces cryptographically secure random numbers. And I believe that it actually is based on the actual system call, since it is imported from the winnt module or something like that. Anyway, I don't use Window$ anymore, so it so no concern of mine. /dev/random and /dev/urandom are good for me.
/dev/urandom has never been shown not to be cryptographically secure, though it theoretically could be.
By the way, according to the man page,
I remember about a year ago, I did fifteen or so different statistical tests on the random numbers generated by the Windows urandom system call in Python. It turns out that the numbers are not cryptographically secure, and most of the results of the statistical tests were p less than 0.0001 or p greater than 0.9999. That is, very high correlation between "random" numbers. You want something 0.01 less than p less than 0.99 for something even moderately secure.