Skip to content

Commit

Permalink
math/rand: make the security warning clearer and more prominent
Browse files Browse the repository at this point in the history
It is still a common misconception that math/rand can be used for
security-sensitive work if seeded with crypto/rand
(celestiaorg/celestia-core#270). It can not.

Change-Id: I8598c352d1750eabeada50be9976ab68cbb42cc0
Reviewed-on: https://go-review.googlesource.com/c/go/+/310350
Trust: Filippo Valsorda <[email protected]>
Reviewed-by: Katie Hockman <[email protected]>
Reviewed-by: Emmanuel Odeke <[email protected]>
  • Loading branch information
FiloSottile committed Apr 23, 2021
1 parent 8c66669 commit d2f96f2
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions src/math/rand/rand.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package rand implements pseudo-random number generators.
// Package rand implements pseudo-random number generators unsuitable for
// security-sensitive work.
//
// Random numbers are generated by a Source. Top-level functions, such as
// Float64 and Int, use a default shared Source that produces a deterministic
Expand All @@ -14,8 +15,9 @@
// Mathematical interval notation such as [0, n) is used throughout the
// documentation for this package.
//
// For random numbers suitable for security-sensitive work, see the crypto/rand
// package.
// This package's outputs might be easily predictable regardless of how it's
// seeded. For random numbers suitable for security-sensitive work, see the
// crypto/rand package.
package rand

import "sync"
Expand Down

0 comments on commit d2f96f2

Please sign in to comment.