In the link you gave, the only reason given to prefer urandom()
is that it pulled less code in (the OS implements "most of it", and os.urandom()
is built in to Python).
If you're going to distribute a Python package, you can simplify users' lives by minimizing external dependencies. That's the entire point of the link you found.
In terms of quality, either way should work fine. I prefer urandom()
because I understand what it does; I never dug into the guts of PyCrypto
. But urandom()
has been criticized for use in some environments. Click this and scroll down to the part that starts
Gutterman, Pinkas, & Reinman in March 2006 published a detailed cryptographic analysis of the Linux random number generator ...