_randomBytes generates non-uniform random values #23

@fegge

bip39.generateMnemonic uses the Random.secure() CSPRNG from the dart:math library to generate entropy for the mnemonic in _randomBytes.

```dart
Uint8List _randomBytes(int size) {
  final rng = Random.secure();
  final bytes = Uint8List(size);
  for (var i = 0; i < size; i++) {
    bytes[i] = rng.nextInt(_SIZE_BYTE);
  }
  return bytes;
}
```

Here _SIZE_BYTE is defined as 255 (on line 10). Since the nextInt method generates integers in the half-open interval [0, max) for a given upper bound max, the value 255 will never be generated. This means that the generated entropy will not be uniformly random. This is an issue if the library is used to generate private keys (e.g. using BIP32).
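
The off-by-one described in this issue, as an added example that is not part of the original issue or the project's code: it draws bytes with an exclusive bound of 255 and of 256, lists which byte values never occur, and prints the resulting entropy per byte. The names `byteRange`, `randomBytes` and `histogram` are assumptions made for this sketch.

```dart
import 'dart:math';
import 'dart:typed_data';

// Exclusive upper bound for Random.nextInt: 256 yields every byte value 0..255.
// (Name chosen for this example, not taken from the library.)
const int byteRange = 256;

/// Fills [size] bytes from the platform CSPRNG using the exclusive [bound].
Uint8List randomBytes(int size, {int bound = byteRange}) {
  final rng = Random.secure();
  final bytes = Uint8List(size);
  for (var i = 0; i < size; i++) {
    bytes[i] = rng.nextInt(bound);
  }
  return bytes;
}

/// Counts how often each byte value occurs in [samples] draws with [bound].
List<int> histogram(int samples, int bound) {
  final counts = List<int>.filled(256, 0);
  for (final b in randomBytes(samples, bound: bound)) {
    counts[b]++;
  }
  return counts;
}

void main() {
  const samples = 1 << 20;
  for (final bound in [255, 256]) {
    final counts = histogram(samples, bound);
    // Byte values that were never produced in this run.
    final missing = [
      for (var v = 0; v < 256; v++)
        if (counts[v] == 0) v
    ];
    // Uniform choice among `bound` values carries log2(bound) bits.
    final bitsPerByte = log(bound) / ln2;
    print('bound=$bound missing=$missing '
        'entropy per byte=${bitsPerByte.toStringAsFixed(4)} bits, '
        '16 bytes=${(16 * bitsPerByte).toStringAsFixed(2)} bits');
  }
}
```

A regression test for the fix can reuse `histogram` and assert that value 255 has a non-zero count over a large sample.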
