Whats more random, hashlib or urandom?

Question

I\'m working on a project with a friend where we need to generate a random hash. Before we had time to discuss, we both came up with different approaches and because they are us

Answer 1

The second solution clearly has more entropy than the first. Assuming the quality of the source of the random bits would be the same for os.urandom and random.random:

• In the second solution you are fetching 16 bytes = 128 bits worth of randomness
• In the first solution you are fetching a floating point value which has roughly 52 bits of randomness (IEEE 754 double, ignoring subnormal numbers, etc...). Then you hash it around, which, of course, doesn't add any randomness.

More importantly, the quality of the randomness coming from os.urandom is expected and documented to be much better than the randomness coming from random.random. os.urandom's docstring says "suitable for cryptographic use".