random.random()
uses a pseudorandom number generator (PRNG), which uses a deterministic algorithm by definition and mathematically expands its input. Thus, the numbers it generates are pseudorandom, even if it was seeded by the output of a quantum random number generator or some other nondeterministic source.
A seed is a value that initializes the PRNG, and the number of possible sequences a PRNG can generate depends on the PRNG's state size and the size of the seed. For example, if the seed or the state is only 32 bits long, at most 232 different pseudorandom number sequences are possible with that PRNG, regardless of where the seed came from.
See also these questions:
In any case, the distinction between "pseudorandom" and "truly random" numbers is not what applications care about (and you didn't really specify what kind of application you have in mind). Instead, in general:
- Security applications care whether the numbers are hard to guess; in this case, only a cryptographic RNG can achieve this requirement (even one that relies on a pseudorandom number generator). A Python example is the
secrets
module or random.SystemRandom
.
- Scientific simulations care whether the numbers behave like independent uniform random numbers, and often care whether the numbers are reproducible at a later time. A Python example is
numpy.random.Generator
.
For example, the pseudorandom number generator used by random.random()
, Mersenne Twister, is not suitable for cryptography or information security; the numbers it produces are not designed to be hard to guess, and this is the case no matter how that generator was seeded (whether by a quantum random number generator or otherwise).
By contrast, pseudorandom generators designed for information security often involve cryptographic hash functions, block ciphers, or stream ciphers — especially because one goal is to make future pseudorandom numbers hard to guess, even if the generator's outputs are known.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…