# Random module

## Syntax

- random.seed(a=None, version=2) (version is only avaiable for python 3.x)
- random.getstate()
- random.setstate(state)
- random.randint(a, b)
- random.randrange(stop)
- random.randrange(start, stop, step=1)
- random.choice(seq)
- random.shuffle(x, random=random.random)
- random.sample(population, k)

## Create cryptographically secure random numbers

By default the Python random module use the Mersenne Twister `PRNG`

to generate random numbers, which, although suitable in domains like simulations, fails to meet security requirements in more demanding environments.

In order to create a cryptographically secure pseudorandom number, one can use `SystemRandom`

which, by using `os.urandom`

, is able to act as a Cryptographically secure pseudorandom number generator, CPRNG.

The easiest way to use it simply involves initializing the `SystemRandom`

class. The methods provided are similar to the ones exported by the random module.

In order to create a random sequence of 10 `int`

s in range `[0, 20]`

, one can simply call `randrange()`

:

To create a random integer in a given range, one can use `randint`

:

and, accordingly for all other methods. The interface is exactly the same, the only change is the underlying number generator.

You can also use `os.urandom`

directly to obtain cryptographically secure random bytes.

## Creating a random user password

In order to create a random user password we can use the symbols provided in the `string`

module. Specifically `punctuation`

for punctuation symbols, `ascii_letters`

for letters and `digits`

for digits:

We can then combine all these symbols in a name named `symbols`

:

Remove either of these to create a pool of symbols with fewer elements.

After this, we can use `random.SystemRandom`

to generate a password. For a 10 length password:

**Note that other routines made immediately available by the random module — such as random.choice, random.randint, etc. — are **

*unsuitable*for cryptographic purposes.

Behind the curtains, these routines use the Mersenne Twister PRNG, which does not satisfy the requirements of a CSPRNG. Thus, in particular, you should not use any of them to generate passwords you plan to use. Always use an instance of `SystemRandom`

as shown above.

Starting from Python 3.6, the `secrets`

module is available, which exposes cryptographically safe functionality.

Quoting the official documentation, to generate *"a ten-character alphanumeric password with at least one lowercase character, at least one uppercase character, and at least three digits,"* you could:

## Creating random integers and floats: randint, randrange, random, and uniform

# randint()

Returns a random integer between `x`

and `y`

(inclusive):

For example getting a random number between `1`

and `8`

:

# randrange()

`random.randrange`

has the same syntax as `range`

and unlike `random.randint`

, the last value is **not** inclusive:

# random

Returns a random floating point number between 0 and 1:

# uniform

Returns a random floating point number between `x`

and `y`

(inclusive):

## Random and sequences: shuffle, choice and sample

# shuffle()

You can use `random.shuffle()`

to mix up/randomize the items in a **mutable and indexable** sequence. For example a `list`

:

# choice()

Takes a random element from an arbitary **sequence**:

# sample()

Like `choice`

it takes random elements from an arbitary **sequence** but you can specify how many:

it will not take the same element twice:

ValueError: Sample larger than population

## Random Binary Decision

## Reproducible random numbers: Seed and State

Setting a specific Seed will create a fixed random-number series:

Resetting the seed will create the same "random" sequence again:

Since the seed is fixed these results are always `9`

and `4`

. If having specific numbers is not required only that the values will be the same one can also just use `getstate`

and `setstate`

to recover to a previous state:

To pseudo-randomize the sequence again you `seed`

with `None`

:

Or call the `seed`

method with no arguments: