Added crypto random-number generator

base/rand_util.h

Index: base/rand_util.h
diff --git a/base/rand_util.h b/base/rand_util.h
index c5c4ef88114427a8ddf8ddebdd9499422e2f14fe..200539eed95924dd7c7d618e3c2f49bf4067f544 100644
--- a/base/rand_util.h
+++ b/base/rand_util.h
@@ -32,12 +32,15 @@ BASE_EXPORT double RandDouble();
 // the range [0, 1). Thread-safe.
 BASE_EXPORT double BitsToOpenEndedUnitInterval(uint64 bits);
 
-// Fills |output_length| bytes of |output| with cryptographically strong random
-// data.
+// Fills |output_length| bytes of |output| with random data.
+// Use crypto::RandBytes() for cryptographically secure random data

[darin (slow to review), 2012/08/02 16:55:38]

I'm a little nervous about adding comments that refer to functions in other
modules.  If someone renamed crypto::RandBytes() to
crypto::CryptographicallySecureRandBytes(), will they remember to fix up this
comment?

I think it is completely reasonable to add a big warning indicating that this
function is not cryptographically secure.

  // WARNING: Do not use this function if you need cryptographically
  //          secure random data!

But, referring to another function in another module is risky business.  It is
easy for the reference to bit-rot.

If you want to refer to src/crypto, that seems less risky.

[Mehrdad, 2012/08/02 17:01:51]

Oh hmm... I'm not sure about saying it's not secure (since it is, it's just an
abstraction violation).
But the bitrot comment is a great point.

Would this be good?

// WARNING:
// Do not use for security-sensitive purposes.
// See crypto/ for cryptographically random number generation.

+// instead of this function.
 BASE_EXPORT void RandBytes(void* output, size_t output_length);
 
-// Fills a string of length |length| with with cryptographically strong random
-// data and returns it.  |length| should be nonzero.
+// Fills a string of length |length| with with random data and returns it.
+// |length| should be nonzero.
+//
+// Use crypto/random for cryptographically random data instead of this function.
 //
 // Note that this is a variation of |RandBytes| with a different return type.
 BASE_EXPORT std::string RandBytesAsString(size_t length);