Thank you for the answer!
I can't really speak to the issue, but I want to respond anyway in case you're not aware of this:
This link that you sent me implies that this is the call being made: os.urandom(16).encode('hex'), with a larger number, I assume.
This article speaks to this method. On a Linux system, this method queries '/dev/urandom' which is set by the operating system.
"os.urandom(n)
Return a string of n random bytes suitable for cryptographic use.
http://docs.python.org/2/library/os.html#os.urandom"This function returns random bytes from an OS-specific randomness source. The returned data should be unpredictable enough for cryptographic applications, though its exact quality depends on the OS implementation. On a UNIX-like system this will query /dev/urandom, and on Windows it will use CryptGenRandom. If a randomness source is not found, NotImplementedError will be raised."
However, specifically on Ubuntu, this advice is given against using this method for a cryptographic use:
" A read from the /dev/urandom device will not block waiting for more
entropy. As a result, if there is not sufficient entropy in the
entropy pool, the returned values are theoretically vulnerable to a
cryptographic attack on the algorithms used by the driver. Knowledge
of how to do this is not available in the current non-classified
literature, but it is theoretically possible that such an attack may
exist. If this is a concern in your application, use /dev/random
instead."
Basically, it's saying that a read from /dev/urandom will not wait for a large amount of entropy to be collected, if it's lacking, but will return immediately with some result; whereas a read from /dev/random will wait for the entropy necessary for strong cryptographic purposes.
http://manpages.ubuntu.com/manpages/jaunty/man4/random.4.html