8)
9
10func randomSeed() uint32 {
11 rand.Seed(time.Now().UnixNano())12 seeds := []uint32{0xCAFE, 0xcaFE, 0xcafe, 0xCAAF, 0xFACE}
13 min, max := 0, len(seeds)-1
14 return seeds[rand.Intn(max-min+1)+min]
As math/rand
uses a statistical random number generator, using a low entropy
seed (such as constants and the current system time) may allow an attacker to
predict what the following number generated is.
package main
import (
"math/rand"
"time"
)
func main() {
rand.Seed(42) // constant seeds are bad
rand.Seed(time.Now().Unix()) // time based seeds don't have sufficient entropy
}