Use of weak random number generator (math/rand instead of crypto/rand)
return
}
// Sleep a random time between 3/4 and 5/4 of the configured interval.
sleepNanos := (f.scanInterval.Nanoseconds()*3 + rand.Int63n(2*f.scanInterval.Nanoseconds())) / 4
interval := time.Duration(sleepNanos) * time.Nanosecond
l.Debugln(f, "next rescan in", interval)
f.scanTimer.Reset(interval)
Use of weak random number generator (math/rand instead of crypto/rand)
// *look* like file I/O, but they are not. Do not worry that they
// might fail.

rng := rand.New(rand.NewSource(int64(seed)))
var createdFiles int
var writtenData int64
for (files == 0 || createdFiles < files) && (maxsize == 0 || writtenData>>20 < int64(maxsize)) {
Use of weak random number generator (math/rand instead of crypto/rand)
nextBlockOffs := (seedNo + 1) << randomBlockShift
if f.rng == nil || f.offset != offs || seedNo != f.seedOffs {
	// This is not a straight read continuing from a previous one
	f.rng = rand.New(rand.NewSource(f.seed + seedNo))

	// If the read is not at the start of the block, discard data
	// accordingly.
Description
math/rand is much faster and fits applications that do not need cryptographic or security-related random data. crypto/rand is suited to secure, cryptographic use, but it is slower. In most cases crypto/rand is likely to be the more suitable choice, unless performance is critical and the application's security is not (which is rare).
It is highly recommended to use crypto/rand whenever random numbers must be secure, such as when generating a session ID in a web application.
- crypto/rand package
- math/rand package
Bad practice
package main

import "math/rand"

func main() {
	bad := rand.Int() // pseudo-random: fast, but not suitable for security use
	println(bad)
}
Recommended
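package main

import "crypto/rand"
import "fmt"

func main() {
	good := make([]byte, 16) // Read fills this buffer; Read(nil) yields no random bytes
	if _, err := rand.Read(good); err != nil {
		panic(err)
	}
	fmt.Printf("%x\n", good)
}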
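
The session ID case from the description, as an added example that is not part of the original page or of the scanned project: a math/rand source built from a seed, as in the rand.NewSource findings above, reproduces the same token for the same seed, while crypto/rand does not. The names weakToken and sessionID and the seed value are hypothetical.

```go
package main

import (
	crand "crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

// weakToken (hypothetical helper) builds a token from math/rand. The output
// is fully determined by the seed, so anyone who learns or guesses the seed
// can reproduce the token.
func weakToken(seed int64, n int) string {
	rng := mrand.New(mrand.NewSource(seed))
	buf := make([]byte, n)
	for i := range buf {
		buf[i] = byte(rng.Intn(256))
	}
	return base64.RawURLEncoding.EncodeToString(buf)
}

// sessionID (hypothetical helper) returns n bytes from the operating system
// CSPRNG, encoded for use in a cookie or URL. The error must be checked: after
// a failed read the buffer cannot be trusted.
func sessionID(n int) (string, error) {
	buf := make([]byte, n)
	if _, err := crand.Read(buf); err != nil {
		return "", fmt.Errorf("reading random bytes: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

func main() {
	const seed = 1700000000 // constructed value, for illustration only
	fmt.Println("math/rand, same seed, equal tokens:", weakToken(seed, 16) == weakToken(seed, 16))

	a, err := sessionID(16)
	if err != nil {
		panic(err)
	}
	b, err := sessionID(16)
	if err != nil {
		panic(err)
	}
	fmt.Println("crypto/rand, two calls, equal tokens:", a == b)
}
```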