Use of weak random number generator (math/rand instead of crypto/rand)
}

func TestNewWithSeedNumber(t *testing.T) {
	number := rand.Int63n(math.MaxInt64)
	f := NewWithSeedNumber(number)
	Expect(t, fmt.Sprintf("%T", f), "faker.Faker")
}
Use of weak random number generator (math/rand instead of crypto/rand)

// NewWithSeedNumber returns a new instance of Faker instance with a given seed
func NewWithSeedNumber(src int64) (f Faker) {
	generator := rand.New(rand.NewSource(src))
	f = Faker{Generator: generator}
	return
}
Description
math/rand is much faster and is fine for applications that don't need cryptographic or security-related random data. crypto/rand is suited to secure, cryptographic use, but it is slower. In most cases crypto/rand is likely to be the more suitable choice, unless performance is critical and the application's security is not (which is rare).
It is highly recommended to use crypto/rand whenever random numbers need to be secure, such as when generating a session ID in a web application.
- crypto/rand package
- math/rand package
Bad practice
package main
import "math/rand"
func main() {
	bad := rand.Int()
	println(bad)
}
Recommended
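package main
import (
	"crypto/rand"
	"encoding/hex"
)
func main() {
	good := make([]byte, 16) // rand.Read fills the slice it is given; a nil slice yields no random data
	if _, err := rand.Read(good); err != nil {
		panic(err)
	}
	println(hex.EncodeToString(good))
}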
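The session ID case from the description, as an added example that is not part of the original page or of the flagged project: a seeded math/rand generator reproduces its output for anyone who knows the seed, while crypto/rand draws from the operating system's CSPRNG. The function names predictableToken and newSessionID and the 16- and 32-byte lengths are assumptions chosen for illustration.

```go
package main

import (
	crand "crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

// predictableToken (hypothetical helper) builds a 16-byte token from a
// math/rand generator seeded with seed. The output is a pure function of
// the seed, so it is reproducible: fine for test fixtures, not for secrets.
func predictableToken(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, 16)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// newSessionID (hypothetical helper) returns nBytes of crypto/rand output,
// URL-safe base64 encoded. The error is returned, never ignored: a failed
// read must not fall back to a weaker source.
func newSessionID(nBytes int) (string, error) {
	b := make([]byte, nBytes)
	if _, err := crand.Read(b); err != nil {
		return "", fmt.Errorf("crypto/rand: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

func main() {
	// Same seed, same token: the value carries no secrecy beyond the seed.
	fmt.Println(predictableToken(42) == predictableToken(42))

	id, err := newSessionID(32) // 32 bytes = 256 bits of randomness
	if err != nil {
		panic(err)
	}
	fmt.Println(id)
}
```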