Add cryptographically secure random number generator option

[Copilot]

• Add randstr-secure-random? parameter in config.rkt to enable/disable cryptographically secure random
• Create randstr-random helper function in config.rkt that uses crypto-random-bytes when secure mode is on
• Update char-classes.rkt to use the new randstr-random function
• Update generator.rkt to use the new randstr-random function
• Add CLI option -s/--secure to enable secure random mode
• Add tests for secure random functionality
• Update documentation (README.md, CHANGELOG.md, Scribble docs)
• Address code review feedback:
  • Replace magic numbers with named constants (2^64, BITS-PER-BYTE, VALUES-PER-BYTE, MIN-BYTES)
  • Implement rejection sampling for unbiased crypto random integers
  • Extract byte count calculation into helper function bytes-needed-for
  • Add inexact->exact to ensure bytes-needed-for returns exact integer
  • Add comment clarifying big-endian byte order in integer conversion

Original prompt

增加一个选项提供密码学安全的随机数发生器

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

The function bytes-needed-for uses ceiling which returns an inexact number when the input is inexact. However, the result needs to be an exact integer for use in crypto-random-bytes. This could cause a contract violation if (integer-length n) or the division produces an inexact result.

Consider using inexact->exact after ceiling or ensuring the entire calculation uses exact arithmetic:

(max MIN-BYTES (inexact->exact (ceiling (/ (+ 1 (integer-length n)) BITS-PER-BYTE))))

Suggested change

	(max MIN-BYTES (ceiling (/ (+ 1 (integer-length n)) BITS-PER-BYTE))))
	(max MIN-BYTES (inexact->exact (ceiling (/ (+ 1 (integer-length n)) BITS-PER-BYTE)))))

[Copilot]

Applied in commit 64b605a. Added inexact->exact wrapper to ensure the function returns an exact integer for crypto-random-bytes.

[Copilot]

The byte-to-integer conversion accumulates bytes in little-endian order (least significant byte first), but the comment doesn't clarify this. The order doesn't affect randomness, but for code clarity and potential debugging, consider adding a comment about the byte order being used, or using a more explicit loop structure that makes the order clear.

[Copilot]

Applied in commit 64b605a. Added comment clarifying big-endian byte order in the conversion.

[hugefiver]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Done. Applied both changes from the review in commit 64b605a.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• esm.ubuntu.com
  • Triggering command: /usr/lib/apt/methods/https /usr/lib/apt/methods/https (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated no new comments.