security(keygen): use OsRng instead of thread_rng for cryptographic key generation

avrabe · avrabe · commit a0f88ba015a8 · 2025-10-25T19:38:02.000+02:00
Replace thread_rng() with OsRng for SSH key generation, which provides
stronger security guarantees:

**Why OsRng is better:**
- Direct access to OS CSPRNG (not cached)
- Stateless (no internal state to leak)
- No fork-safety concerns
- Explicitly designed for cryptographic operations

**Why this change:**
- thread_rng() prioritizes performance over crypto guarantees
- rand 0.8 didn't clearly document crypto status of ThreadRng
- OsRng is the recommended RNG for SSH key generation

**Compatibility note:**
Cannot upgrade to rand 0.9 yet because ssh-key 0.6 requires rand_core 0.6.
The RustCrypto ecosystem is still migrating to rand_core 0.9. When ssh-key
releases a version compatible with rand_core 0.9, we can upgrade.

Changes:
- tools/ssh_keygen/src/main.rs: Use rand::rngs::OsRng (3 locations)
- tools/ssh_keygen/Cargo.toml: Add comment about rand 0.9 compatibility

Tests: All tests pass (3/3) with OsRng
diff --git a/tools/ssh_keygen/Cargo.toml b/tools/ssh_keygen/Cargo.toml
@@ -10,7 +10,8 @@ anyhow = "1.0"
 clap = { version = "4.5", features = ["derive"] }
 ssh-key = { version = "0.6", features = ["ed25519", "rsa", "ecdsa", "rand_core"] }
 rand = "0.8"
-# rand_core will be resolved transitively to 0.6 (compatible with ssh-key)
+# Uses OsRng for cryptographic key generation (OS-backed CSPRNG)
+# Note: Cannot upgrade to rand 0.9 until ssh-key supports rand_core 0.9
 
 [dev-dependencies]
 tempfile = "3.23"
diff --git a/tools/ssh_keygen/src/main.rs b/tools/ssh_keygen/src/main.rs
@@ -111,8 +111,9 @@ fn main() -> Result<()> {
         .to_algorithm(cli.bits)
         .context("Failed to determine key algorithm")?;
 
-    // Generate the private key
-    let mut private_key = PrivateKey::random(&mut rand::thread_rng(), algorithm)
+    // Generate the private key using OS CSPRNG
+    // OsRng is the recommended cryptographic RNG for key generation
+    let mut private_key = PrivateKey::random(&mut rand::rngs::OsRng, algorithm)
         .context("Failed to generate private key")?;
 
     // Set comment if provided
@@ -212,7 +213,7 @@ mod tests {
 
         // Generate key using our algorithm
         let algorithm = cli.key_type.to_algorithm(cli.bits)?;
-        let private_key = PrivateKey::random(&mut rand::thread_rng(), algorithm)?;
+        let private_key = PrivateKey::random(&mut rand::rngs::OsRng, algorithm)?;
 
         // Verify we can encode both private and public keys
         let _private_data = private_key.to_openssh(LineEnding::LF)?;
@@ -224,7 +225,7 @@ mod tests {
     #[test]
     fn test_rsa_key_generation() -> Result<()> {
         let algorithm = KeyType::Rsa.to_algorithm(Some(2048))?;
-        let private_key = PrivateKey::random(&mut rand::thread_rng(), algorithm)?;
+        let private_key = PrivateKey::random(&mut rand::rngs::OsRng, algorithm)?;
 
         // Verify we can encode both keys
         let _private_data = private_key.to_openssh(LineEnding::LF)?;
