[th/g-random-int] don't use g_random_int()
g_random_*()
is based on GRand
, which is not a CSPRNG. Instead, rely on
kernel to give us good random numbers, which is what nm_random_*()
does.
Note that nm_random_*()
calls getrandom()
(or reads /dev/urandom
), which
most likely is slower than GRand
. It doesn't matter for our uses though.
It is cumbersome to review all uses of g_rand_*()
whether their usage of
a non-cryptographically secure generator is appropriate. We can just
always an appropriate function, thereby avoiding this question. Even
glib documentation refers to reading /dev/urandom
as alternative to GRand
.
Which is what nm_random_*()
does. These days, it seems unnecessary to not use
the best random generator available, unless it's not fast enough or you
need a stable/seedable stream of randomness.
In particular in nmcli, we used g_random_int_range()
to generate
passwords. That is not appropriate. Sure, it's only for the hotspot,
but still.