Prefer crypto rand seed for pkg/rand
Crypto rand is a much better seed for math/rand than time. In the event we use math/rand where we should not, this will make it a safer source of random numbers. Although potentially dangerous, this will still fallback to time should crypto/rand for any reason fail. Signed-off-by: Eric Windisch <eric@windisch.us>
This commit is contained in:
Eric Windisch
parent
0dc55c7057
commit
8a44179788
1 changed files with 11 additions and 1 deletions
|
|
@ -1,7 +1,10 @@
|
||||||
package random
|
package random
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
cryptorand "crypto/rand"
|
||||||
"io"
|
"io"
|
||||||
|
"math"
|
||||||
|
"math/big"
|
||||||
"math/rand"
|
"math/rand"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
@ -36,8 +39,15 @@ func (r *lockedSource) Seed(seed int64) {
|
||||||
// NewSource returns math/rand.Source safe for concurrent use and initialized
|
// NewSource returns math/rand.Source safe for concurrent use and initialized
|
||||||
// with current unix-nano timestamp
|
// with current unix-nano timestamp
|
||||||
func NewSource() rand.Source {
|
func NewSource() rand.Source {
|
||||||
|
var seed int64
|
||||||
|
if cryptoseed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)); err != nil {
|
||||||
|
// This should not happen, but worst-case fallback to time-based seed.
|
||||||
|
seed = time.Now().UnixNano()
|
||||||
|
} else {
|
||||||
|
seed = cryptoseed.Int64()
|
||||||
|
}
|
||||||
return &lockedSource{
|
return &lockedSource{
|
||||||
src: rand.NewSource(time.Now().UnixNano()),
|
src: rand.NewSource(seed),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue