cryptography/docs/random-numbers.rst

Random number generation
========================

When generating random data for use in cryptographic operations, such as an
initialization vector for encryption in
:class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode, you do not
want to use the standard :mod:`random` module APIs. This is because they do not
provide a cryptographically secure random number generator, which can result in
major security issues depending on the algorithms in use.

Therefore, it is our recommendation to `always use your operating system's
provided random number generator`_, which is available as :func:`os.urandom`.
For example, if you need 16 bytes of random data for an initialization vector,
you can obtain them with:

.. doctest::

    >>> import os
    >>> iv = os.urandom(16)


If you need your random number as an big integer, you can use
``int.from_bytes`` to convert the result of ``os.urandom``:

.. code-block:: pycon

    >>> serial = int.from_bytes(os.urandom(16), byteorder="big")

In addition, the `Python standard library`_ includes the ``secrets`` module,
which can be used for generating cryptographically secure random numbers, with
specific helpers for text-based formats.

.. _`always use your operating system's provided random number generator`: https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
.. _`Python standard library`: https://docs.python.org/3/library/secrets.html
Fixed #568 -- Document that users should use urandom for all their random numbers 2014-02-06 17:47:07 +00:00			`Random number generation`
			`========================`

			`When generating random data for use in cryptographic operations, such as an`
			`initialization vector for encryption in`
			:class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode, you do not
			want to use the standard :mod:`random` module APIs. This is because they do not
Be more alarmist 2014-02-06 18:27:48 +00:00			`provide a cryptographically secure random number generator, which can result in`
			`major security issues depending on the algorithms in use.`
Fixed #568 -- Document that users should use urandom for all their random numbers 2014-02-06 17:47:07 +00:00
Cite Thomas Ptacek for urandom 2014-02-25 22:12:35 +00:00			Therefore, it is our recommendation to `always use your operating system's
Attempt to link to the os.urandom docs from upstream 2014-12-19 07:48:33 +00:00			provided random number generator`_, which is available as :func:`os.urandom`.
			`For example, if you need 16 bytes of random data for an initialization vector,`
			`you can obtain them with:`
Fixed #568 -- Document that users should use urandom for all their random numbers 2014-02-06 17:47:07 +00:00
Get rid of remaining pycon blocks 2014-07-12 11:27:37 +00:00			`.. doctest::`
Fixed #568 -- Document that users should use urandom for all their random numbers 2014-02-06 17:47:07 +00:00
			`>>> import os`
No point showing a ... 2014-07-12 16:52:59 +00:00			`>>> iv = os.urandom(16)`
Cite Thomas Ptacek for urandom 2014-02-25 22:12:35 +00:00
Let people who are curious know how os.urandom is implemented 2014-12-19 05:31:28 +00:00
remove out of date details in random numbers docs (#8482) 2023-03-09 21:19:39 +00:00			`If you need your random number as an big integer, you can use`
Document how to get a random number as an integer, fixes #2190 2015-08-08 22:18:09 +00:00			``int.from_bytes`` to convert the result of ``os.urandom``:

			`.. code-block:: pycon`

remove out of date details in random numbers docs (#8482) 2023-03-09 21:19:39 +00:00			`>>> serial = int.from_bytes(os.urandom(16), byteorder="big")`
Document how to get a random number as an integer, fixes #2190 2015-08-08 22:18:09 +00:00
Clean up the language in the docs now that 3.6 is the minimum we support (#6825) 2022-01-29 15:15:11 +00:00			In addition, the `Python standard library`_ includes the ``secrets`` module,
			`which can be used for generating cryptographically secure random numbers, with`
			`specific helpers for text-based formats.`
Fixes #2347 -- link to the stdlib secrets module in our random number generation section (#3669) 2017-06-04 15:51:31 +00:00
Last pass over fixing the links (#3224) 2016-11-06 15:13:35 +00:00			.. _`always use your operating system's provided random number generator`: https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
Clean up the language in the docs now that 3.6 is the minimum we support (#6825) 2022-01-29 15:15:11 +00:00			.. _`Python standard library`: https://docs.python.org/3/library/secrets.html