-2

If the binary file is continuously created through while(1), Given infinite time, is it possible to generate the number of cases of every byte array without duplicates?

golePum
  • 1
  • 4
  • `os.urandom()` gets random data from the environment, rather than using a PRNG. – Barmar Oct 11 '21 at 18:34
  • 2
    If it were, then it wouldn't be random, it would be pseudo-random. Truly random processes repeat occasionally. Ironic, isn't it? – Tim Roberts Oct 11 '21 at 18:34
  • 1
    Well... _in addition to_ using a PRNG more than "rather than". But yes, if you're continuously reseeding a PRNG before it runs out of entropy... – Charles Duffy Oct 11 '21 at 18:44
  • 1
    The proper answer to this depends on your operating system and its configuration, your specific hardware (some CPUs have hardware RNGs), and much else that isn't inside the question's scope. – Charles Duffy Oct 11 '21 at 18:45

1 Answers1

1

What you're describing isn't random. When something is random it has a chance of repeating itself. If you look at the potential issues section of this Wikipedia page, it explains what security professionals look for in a random number generator.

So how random is os.urandom? The first thing the documentation says is

Return a string of size random bytes suitable for cryptographic use.

Anything that states it can be used for cryptographic use is a really good source of random data. Under the hood, on Linux, it uses /dev/urandom which contains random data from mouse movements, network traffic, etc.

On Windows cryptgenrandom is used instead, which has been deprecated by Windows and may have some weaknesses, but exactly how the algorithm works is unknown, and Python is still using it and claiming it is still cryptographically secure, so ‍♂️.

There are a couple of modules that are meant for generating random numbers that you may be interest in. There is the random module with functions like random.random which produce quick random numbers. These are not as random, but they are fast to generate. And then when you want good random numbers, you could continue using os.urandom, but there is also a module dedicated to creating cryptographic random number, using that same /dev/urandom data source. This module is called the secrets module.

And if you really want to know how secure using /dev/urandom is, a Google search for "urandom study" brought up results such as this 193 page study! that you can read if you really wanted to. So yeah, if it has been that well analyzed by security professional and then declared safe for cryptographic use, I think we're fine trusting it.

hostingutilities.com
  • 8,894
  • 3
  • 41
  • 51