python · picnixz · Jun 8, 2025 · Jun 6, 2025 · Jun 8, 2025 · Jun 8, 2025
diff --git a/Doc/library/uuid.rst b/Doc/library/uuid.rst
@@ -255,7 +255,8 @@ The :mod:`uuid` module defines the following functions:
    positive integers of 48, 12 and 62 bits respectively. If they exceed
    their expected bit count, only their least significant bits are kept;
    non-specified arguments are substituted for a pseudo-random integer of
-   appropriate size.
+   appropriate size. Note that *a*, *b* and *c* are generated by PRNG (not CSPRNG)
+   so use UUIDv4 if you are generating a token or verification code.
 
    .. versionadded:: 3.14
 

diff --git a/Lib/uuid.py b/Lib/uuid.py
@@ -666,8 +666,8 @@ def _random_getnode():
     # counting from 1 being the least significant bit, or 1<<40.
     #
     # See https://en.wikipedia.org/w/index.php?title=MAC_address&oldid=1128764812#Universal_vs._local_(U/L_bit)
-    import random
-    return random.getrandbits(48) | (1 << 40)
+
+    return (int.from_bytes(__import__('os').urandom(6), 'big')) | (1 << 40)
 
 
 # _OS_GETTERS, when known, are targeted for a specific OS or platform.