Skip to content

[th/g-random-int] don't use g_random_int()

Thomas Haller requested to merge th/g-random-int into main

g_random_*() is based on GRand, which is not a CSPRNG. Instead, rely on kernel to give us good random numbers, which is what nm_random_*() does.

Note that nm_random_*() calls getrandom() (or reads /dev/urandom), which most likely is slower than GRand. It doesn't matter for our uses though.

It is cumbersome to review all uses of g_rand_*() whether their usage of a non-cryptographically secure generator is appropriate. We can just always an appropriate function, thereby avoiding this question. Even glib documentation refers to reading /dev/urandom as alternative to GRand. Which is what nm_random_*() does. These days, it seems unnecessary to not use the best random generator available, unless it's not fast enough or you need a stable/seedable stream of randomness.

In particular in nmcli, we used g_random_int_range() to generate passwords. That is not appropriate. Sure, it's only for the hotspot, but still.

Merge request reports