
/dev/urandom is used in the much more recommended secrets.py library. It is also said that the random module makes use of either the current time or the system entropy from /dev/urandom. Then:

  • What seed does it use by default? Is it the time or entropy from /dev/urandom when I do not define a seed myself?

  • If it uses /dev/urandom by default, then it should be as safe as the secrets module.

PS: I have looked at a similar question that was asked. My curiosity still wasn't fulfilled, as the former question remains unanswered.

This question only came up after I looked at https://github.com/tna0y/Python-random-module-cracker

  • Can you link to that similar question anyway? – Kelly Bundy Aug 16 '21 at 12:31
  • The cracker you linked to illustrates that the random module is predictable (apparently even practically, not just in theory) and thus less safe, no? – Kelly Bundy Aug 16 '21 at 12:33
  • If you want to have a random sequence that would be completely impossible to predict, then you can't use software to generate it; it will be pseudo-random because, for example, you need the seed. For something truly random you should use something like atmospheric noise. I know that there is some website that provides such a service, so you could write a small script to get the data from that website to get truly random sequences (that is, if such a website actually uses something like atmospheric noise). – Matiiss Aug 16 '21 at 12:40
  • @Matiiss Does that service website have the hard to remember name random.org? :-) – Kelly Bundy Aug 16 '21 at 12:50
  • Related: https://stackoverflow.com/questions/63609099/are-random-numbers-generated-using-a-quantum-integer-as-its-seed-considered-pseu/63609174#63609174 – Peter O. Aug 16 '21 at 17:20
  • Does this answer your question? [Are random numbers generated using a quantum integer as its seed considered pseudo-random or truly random?](https://stackoverflow.com/questions/63609099/are-random-numbers-generated-using-a-quantum-integer-as-its-seed-considered-pseu) – Peter O. Aug 16 '21 at 17:20
  • Also, if you care about the `random` module, use `random.SystemRandom`, which uses the same generator as the `secrets` module uses. The documentation for `random.seed` says: "If a is omitted or None, the current system time is used. If randomness sources are provided by the operating system, they are used instead of the system time (see the [documentation for the] `os.urandom()` function for details on availability)." – Peter O. Aug 16 '21 at 17:26
  • The [Python documentation](https://docs.python.org/3/library/random.html) tells you that neither `random` nor `randbytes` are secure. To find out why you will probably have to dive into the source code. Better just accept what you are told, and use the `secrets` module. – rossum Aug 16 '21 at 19:51

1 Answer

The cracker you linked to shows that it can predict future values based on previous values. So imagine this (extreme) case: For some encryption you build a public key with 624*32 random bits and then a private key with 624*32 random bits. Then we can compute your private key from your public key. Not good.

Demo result:

47 out of 100 private keys cracked

Demo code:

import random, os
from randcrack import RandCrack  # https://github.com/tna0y/Python-random-module-cracker

def create_keys():
    # The seed comes from the OS CSPRNG, so the seed itself is unpredictable ...
    random.seed(os.urandom(10000))
    # ... but both keys are then drawn from the same Mersenne Twister stream
    public_key = [random.getrandbits(32) for _ in range(624)]
    private_key = [random.getrandbits(32) for _ in range(624)]
    return public_key, private_key

def crack(public_key):
    rc = RandCrack()
    # Feed the 624 observed 32-bit outputs; the cracker recovers the internal state
    for x in public_key:
        rc.submit(x)
    # Predict the next 624 outputs, i.e. the private key
    cracked_private_key = [rc.predict_getrandbits(32) for _ in range(624)]
    return cracked_private_key

def demo():
    cracked = 0
    for attempt in range(1, 101):
        public_key, private_key = create_keys()
        cracked += crack(public_key) == private_key
        print(cracked, 'out of', attempt, 'private keys cracked')

demo()
  • Curious. How could randcrack crack it if we use /dev/urandom as a seed? Shouldn't that just be impossible, because we label it as a CSPRNG? – Code Gatherer Aug 17 '21 at 17:24
  • @CodeGatherer Any seed just leads to some internal state, which the cracker computes based on the subsequently generated data. It's described on the cracker page. – Kelly Bundy Aug 17 '21 at 22:06
  • Let's try some analogy... I'll give you a book and you pick a truly random page. I can't predict which page it is. But when you read me the page, I can read you the next page (because I know the book). Probably not from the page's first character, maybe not from the first word. But if you read me enough of it, I know where in the book you are. – Kelly Bundy Aug 17 '21 at 22:09