Use SecureRandom for os.urandom

The Random PRNG does not produce random numbers sufficient for
cryptographic use, as os.urandom specifies it should. Instead we replace
it with an instance of SecureRandom.

Because creating SecureRandom instances consumes a significant amount of
resources, we store one instance in a static field to share amongst all
URandomNodes. We initialize it only on the first call to urandom to
avoid incurring the cost on loading the class.

Author: Zach Olstein

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/PosixModuleBuiltins.java

@@ -70,6 +70,8 @@
 import java.nio.file.attribute.PosixFilePermission;
 import java.nio.file.attribute.PosixFilePermissions;
 import java.nio.file.attribute.UserPrincipal;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
@@ -1676,11 +1678,25 @@ public abstract static class ReplaceNode extends RenameNode {
     @GenerateNodeFactory
     @TypeSystemReference(PythonArithmeticTypes.class)
     abstract static class URandomNode extends PythonBuiltinNode {
+        private static SecureRandom secureRandom;
+
+        private static SecureRandom createRandomInstance() {
+            try {
+                return SecureRandom.getInstance("NativePRNGNonBlocking");
+            } catch (NoSuchAlgorithmException e) {
+                throw new IllegalStateException(e);
+            }
+        }
+
+
         @Specialization
         @TruffleBoundary(allowInlining = true)
         PBytes urandom(int size) {
+            if (secureRandom == null) {
+                secureRandom = createRandomInstance();
+            }
             byte[] bytes = new byte[size];
-            new Random().nextBytes(bytes);
+            secureRandom.nextBytes(bytes);
             return factory().createBytes(bytes);
         }
     }