-
John Mellor authored
It's commonly assumed that GUIDs generated by base::GenerateGUID are unguessable and will not collide, and this is in practice true since it's backed by base::RandBytes. The header for base::RandBytes did not guarantee being secure, but the implementations were all required to be cryptographically strong random number generators since crypto::RandBytes and base::UnguessableToken already both depend on base::RandBytes (see https://crbug.com/140076). This patch: - Marks base::GenerateGUID as secure in the code comments. - Migrates base::GenerateGUID from base::RandUint64 which is not guaranteed to be secure to base::RandBytes which is - see above. (It's not possible to migrate to crypto::RandBytes since that would introduce a circular dependency between base and crypto - see UnguessableToken::Create for a similar case). - Marks base::RandBytes as secure random in its header, but clarifying that code outside base/ that depends on it being secure should continue to use the crypto/ wrapper. - Cleans up some duplicated code in the implementations of base/rand_util_*.cc Bug: none Change-Id: I282bbd7d1883ba120c01280b941b9d7ecbef404c Reviewed-on: https://chromium-review.googlesource.com/678731 Reviewed-by: Mark Mentovai <mark@chromium.org> Commit-Queue: John Mellor <johnme@chromium.org> Cr-Commit-Position: refs/heads/master@{#504389}
afab972d