Python secrets module

Generating cryptographically strong numbers and tokens

The Python secrets module generates secure random numbers. It provides several functions for producing random values suitable for security-sensitive uses, including generating passwords, authentication tokens, and other secret material.

The secrets module uses the system's secure random number generator to generate random numbers, which are then returned to the caller. This means that the numbers generated by the secrets module are cryptographically strong and can be used for a variety of security-sensitive operations.

One of the main functions in the secrets module is randbelow, which generates a secure random integer in the range [0, n), where n is an integer provided by the caller. For example, to generate a random number in the range [0, 100), you could use the following code:

import secrets

# randbelow(100) returns a uniformly distributed integer from 0 to 99 inclusive
secure_random_number = secrets.randbelow(100)
print(secure_random_number)

# 89

In addition to generating random numbers, the secrets module also provides functions for generating random strings. For example, the token_hex function returns a secure random string of hexadecimal digits, which can be used as an authentication token or for similar purposes. To generate a token built from 16 random bytes (rendered as 32 hexadecimal digits, as in the output below) using the token_hex function, you could use the following code:

import secrets

secure_random_string = secrets.token_hex(16)
print(secure_random_string)

# 4e52e1038eafea5c061e33dc39613e76
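The post stops at generating the token; a practitioner also needs to store and verify it. The following example, added here and not part of the original post, shows the rest of the pattern using only the secrets module plus hashlib: issue a token with token_hex, keep only its SHA-256 digest server-side (an assumption of this example, so a leaked store does not hand out usable tokens), and verify presented tokens with secrets.compare_digest, whose running time does not depend on where two strings first differ. It also shows the password-generation use the post mentions, drawing characters with secrets.choice. The in-memory store and the password policy are constructed for this example, not a real API.

```python
import hashlib
import secrets
import string

# Hypothetical server-side store (constructed for this example): holds the
# SHA-256 digests of issued tokens rather than the tokens themselves.
_issued_digests = []


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(nbytes=32):
    """Create a fresh authentication token: nbytes of OS randomness as hex.

    token_hex(32) yields 64 hexadecimal characters, i.e. 256 bits of entropy.
    """
    token = secrets.token_hex(nbytes)
    _issued_digests.append(_digest(token))
    return token


def verify_token(candidate):
    """Check a presented token against the store.

    compare_digest runs in time independent of the position of the first
    differing character, so response timing does not leak partial matches.
    """
    if not isinstance(candidate, str):
        return False
    digest = _digest(candidate)
    matched = False
    for stored in _issued_digests:
        # Do not break out early: check every entry so timing does not reveal
        # which stored entry (if any) matched.
        matched |= secrets.compare_digest(digest, stored)
    return matched


ALPHABET = string.ascii_letters + string.digits


def is_policy_compliant(password):
    """Constructed policy: at least one lowercase, one uppercase, two digits."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and sum(c.isdigit() for c in password) >= 2)


def generate_password(length=16):
    """Draw characters with secrets.choice until the policy is satisfied."""
    while True:
        password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_policy_compliant(password):
            return password


if __name__ == "__main__":
    token = issue_token()
    print("token:", token)
    print("verify genuine:", verify_token(token))
    print("verify forged:", verify_token("0" * 64))
    print("password:", generate_password())
```

Storing digests means a database dump by itself does not yield valid tokens; the loop over every stored digest is deliberate, since returning on the first match would let timing reveal how far down the list a match sits.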

The secrets module was added to Python's standard library in version 3.6. Prior to the introduction of this module, Python did not have a built-in way to generate secure random numbers, and developers had to use third-party libraries or other external sources to generate such numbers. The module provides a convenient and secure way to generate random numbers directly within Python, making it easier for developers to incorporate randomness into their applications.

What about just using the random module?

The random module is another module in Python's standard library for generating random numbers, but it is not suitable for all applications. In contrast to the secrets module, the random module uses a pseudo-random number generator (PRNG): a deterministic algorithm that expands an initial seed into a sequence of pseudo-random numbers, so anyone who knows the seed and the algorithm can reproduce the entire sequence. While this is fine for many purposes such as simulations and games, it is not cryptographically strong, and the numbers generated by the random module should not be used for security-sensitive operations.

In contrast, the secrets module uses the system's secure random number generator to generate random numbers, which are cryptographically strong and suitable for use in security-sensitive operations. Therefore, for applications that require secure random numbers, the secrets module is a better choice than the random module.

Here is an example that illustrates the difference between the two modules:

import random
import secrets

# Generate a random number in the range [0, 100) using the random module
# (randrange(100) excludes 100; randint(0, 100) would include it)
random_number = random.randrange(100)
print(random_number)

# Generate a secure random number in the range [0, 100) using the secrets module
secure_random_number = secrets.randbelow(100)
print(secure_random_number)
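Printing one value from each module, as above, does not show the difference; both print an integer from 0 to 99. The following example, added here and not from the original post, makes the distinction observable: two random.Random instances with the same seed produce identical sequences, while secrets has no seed to supply and repeated draws do not repeat. It also checks the uniformity property discussed later in the post by bucketing a large sample from randbelow. The seed value, sample size and tolerance are constructed for this example.

```python
import random
import secrets
from collections import Counter


def prng_sequence(seed, n=5):
    """Draw n values in [0, 100) from a seeded PRNG.

    A private random.Random instance is used so the global generator's
    state is left untouched.
    """
    rng = random.Random(seed)
    return [rng.randrange(100) for _ in range(n)]


def prng_is_reproducible(seed=1234):
    """Same seed, same algorithm: the whole sequence comes out again."""
    return prng_sequence(seed) == prng_sequence(seed)


def secrets_sequence(n=5):
    """Draw n values in [0, 100) from the OS-backed generator."""
    return [secrets.randbelow(100) for _ in range(n)]


def secrets_is_reproducible(trials=3, n=32):
    """There is no seed to give; fresh draws should never repeat a prior run.

    The chance that two 32-draw sequences over 100 values coincide is 100**-32,
    so a True result here would indicate a broken generator.
    """
    first = secrets_sequence(n)
    return all(secrets_sequence(n) == first for _ in range(trials))


def looks_uniform(n_buckets=10, samples=20000, tolerance=0.2):
    """Sanity check of the uniformity property: every bucket should receive
    close to samples / n_buckets draws. With 2000 expected per bucket the
    standard deviation is about 42, so a 20% band (400) is a generous margin
    that a correct generator essentially never violates.
    """
    counts = Counter(secrets.randbelow(n_buckets) for _ in range(samples))
    expected = samples / n_buckets
    return all(abs(counts[b] - expected) <= tolerance * expected
               for b in range(n_buckets))


if __name__ == "__main__":
    print("seeded PRNG, run 1:", prng_sequence(1234))
    print("seeded PRNG, run 2:", prng_sequence(1234))
    print("secrets, run 1:    ", secrets_sequence())
    print("secrets, run 2:    ", secrets_sequence())
    print("randbelow looks uniform:", looks_uniform())
```

The reproducibility of the seeded sequence is exactly why random is the wrong tool for tokens and keys: the security of a token would rest entirely on the seed staying secret, and random does not treat it as a secret.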

But what exactly does "cryptographically strong" mean in this context?

The term "cryptographically strong" refers to the random numbers generated by the module being suitable for use in cryptography. Cryptography is the practice of using mathematical techniques to secure communication and protect data from unauthorized access, and it relies on the use of random numbers to generate keys and other security parameters.

For a random number to be considered "cryptographically strong," it must have several properties that make it difficult for an attacker to predict or otherwise manipulate the number. For example, a cryptographically strong random number should be uniformly distributed, meaning that each possible value has an equal probability of being generated. It should also be unpredictable, meaning that it is not possible to predict the next number in the sequence based on the previous numbers, even for someone who has observed many earlier outputs.

To learn more about the secrets module, please refer to the official Python standard library documentation for it.