perf: replace /dev/urandom | tr with openssl rand to fix CPU spike in gen_random_string

[Kookiejarz]

closes #3886

Replace /dev/urandom | tr pipeline with openssl rand -base64 to reduce
tr's byte rejection rate from ~75% to ~2%, fixing CPU spikes on low-spec VPS.

See issue #3886 for detailed analysis.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b01a71f32d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[cherts]

Maybe it's worth using a simpler and lighter program - pwgen ?

[Kookiejarz]

Maybe it's worth using a simpler and lighter program - pwgen ?

Thanks for the suggestion! pwgen is indeed a great and lightweight tool specifically designed for this purpose. :D

However, for a self-contained installation script, introducing pwgen would mean adding a highly specific, single-purpose dependency. While the PR does add openssl to the package manager lists, openssl is a ubiquitous core utility that is almost universally available across all distributions (including minimal ISOs and Alpine) - and also an implicit dependency via curl, which is required for the one-click installation.

Using openssl rand -base64 also provides cryptographically secure pseudo-randomness (CSPRNG) without adding additional single-use tools to the system, keeping it lightweight.

[MHSanaei]

Thanks for your PR
we have two more gen_random_string on x-ui.sh and update.sh

[Kookiejarz]

Thanks for your PR we have two more gen_random_string on x-ui.sh and update.sh

Got it, already modified and commited. :)