Time based seeds have insufficient entropy
54}
55
56func getRandomIndex(max int) int {
57 rand.Seed(time.Now().UnixNano())58 return rand.Intn(max + 1)
59}
60
Description
As math/rand
uses a statistical random number generator, using a low entropy
seed (such as constants and the current system time) may allow an attacker to
predict what the following number generated is.
Bad practice
package main
import (
"math/rand"
"time"
)
func main() {
rand.Seed(42) // constant seeds are bad
rand.Seed(time.Now().Unix()) // time based seeds don't have sufficient entropy
}