1

I'm using random.SystemRandom().choice(list_), and need confirmation that it gives independence and uniform discrete distribution for cryptographic purposes across CPython 3.x versions.

Does anyone know if these properties hold in CPython 3.0 - 3.9? random.SystemRandom is at least present in all of these, though 3.2 has problems with too-new versions of openssl.

Alternatively, is there an easy way of verifying it mathematically, perhaps using scipy or something? Please note that it needs to be discrete, not continuous. I do not have a background in statistics.

In a "string" histogram, it looks like:

1675814 0 ************************************************************
1677567 1 ************************************************************
1677969 2 ************************************************************
1678564 3 ************************************************************
1676721 4 ************************************************************
1677222 5 ************************************************************
1679371 6 ************************************************************
1678663 7 ************************************************************
1676892 8 ************************************************************
1678433 9 ************************************************************

...which seems good that far, but I don't know if that's considered uniform.

Thanks!

dstromberg
  • 6,954
  • 1
  • 26
  • 27
  • 2
    If your goal is cryptography, use the [secrets](https://docs.python.org/3/library/secrets.html) module instead. – jfaccioni Jul 09 '21 at 15:15
  • @jfaccioni We like the secrets module, but it isn't present in Python versions <= 3.5.x. The secrets module, at least in CPython 3.7, appears to build on random.SystemRandom(), hence our interest there. – dstromberg Jul 09 '21 at 15:33
  • 2
    You want more than being uniformly distributed. For crypto purposes independence is at least as important. For example, the sequence (1,2,3,1,2,3,1,2,3,...) is uniformly distributed over the range [1,3], but very very predictable. That's why suites such as [Diehard](https://en.wikipedia.org/wiki/Diehard_tests) apply many different types of tests to empirically assess sample data for a variety of theoretically derived properties that independent and identically distributed samples should have. [TestU01](https://en.wikipedia.org/wiki/TestU01) has 160 different tests in its "bigcrush" suite. – pjs Jul 09 '21 at 16:10
  • See this answer and the comments on it: https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python/20937265#20937265 – Tim Peters Jul 09 '21 at 21:21

0 Answers0