Fix the control port password handling
Tor Browser should be able to handle the
TOR_CONTROL_PASSWD environment variable, but it doesn't.
Our code expects the password to be given in hex, but the control port handles a quoted string as well.
I think the quoted string at a certain point worked for Tor Browser, because it's what the Linux starting script expects and complains if not provided. However, even though the script complains, the hex sequence works (and probably it works also in other platforms).
So, we should fix this not-so-good situation.
In addition to that, there are a couple of things I don't like in our current implementation.
The first is that we continuously hex-encode and hex-decode.
We could hex decode it only when provided by a user as hex, or we could use
TextEncoder when the user provides a string (after decoding it with
TorParsers), that is a byte array already.
The second thing is that generate a random password in the "visible" ASCII range (
~), even though we never use it as a string, but always as a hex sequence.
And we use a custom RNG function (which I think we do to make sure the max is a multiple of our max, and keep it a uniform RNG).
If we extended the range to the full 0-255 range we could just use the plain browser's RNG without the cutoff (and we'd have a better password, since we switch from 94 to 256 values).