If your pseudo random number generation favors generating any numbers...
This is why I'm not implementing my own random number generation. I'm using the PyCrypto module to generate random numbers of a large size (256bits).
It looks like getrandbits() attempts to implement the Mersenne Twister algorithm. Unfortunately, there are weak implementations of that algorithm, and I don't know if python's implementation avoids all the known issues or not. Perhaps most importantly:
"It can take a long time to start generating output that passes randomness tests, if the initial state is highly non-random—particularly if the initial state has many zeros. A consequence of this is that two instances of the generator, started with initial states that are almost the same, will usually output nearly the same sequence for many iterations, before eventually diverging."
I suspect (but don't know for certain) that the python implementation has improved initialization so that beginning with such a state is very unlikely.
Although, according to wikipedia:
"The algorithm in its native form is not cryptographically secure. The reason is that observing a sufficient number of iterations allows one to predict all future iterations."
Like I said, "this can't be stated often enough". Thinking that a particular algorithm is secure, or hoping that an algorithm is secure, doesn't make it secure. This is probably the hardest part of coding for bitcoin, and is an area where many well meaning programmers have created services that have lost people a lot of bitcoins when hackers with time and patience have discovered the weaknesses in the various methods that have been used for random number generation. Developers that relied on the Android operating system failed. Developers that relied on random.org failed. Developers that relied on operating system functions failed.
It might be okay to rely on getrandbits() from python's Crypto library, it might not. Personally, I won't be using your tool at all.
Here's a question to help you decide if you actually feel your tool is safe...
Lets say your tool becomes popular. Lets say people start using it to create addresses that store hundreds of thousands (or even millions) of dollars worth of bitcoins.
If a weakness is discovered in the getrandbits() function and someone loses $500,000 worth of bitcoins to a hacker because of it, are you willing to be held personally financially responsible for your error in RNG choice and re-imburse that user?
