Skip to content

Commit

Permalink
math/rand: warn against using package for security-sensitive work
Browse files Browse the repository at this point in the history 
Urge users of math/rand to consider using crypto/rand when doing
security-sensitive work.

Related to issue #11871. While we haven't reached consensus on how
to make the package inherently safer, everyone agrees that the docs
for math/rand can be improved.

Change-Id: I576a312e51b2a3445691da6b277c7b4717173197
Reviewed-on: https://go-review.googlesource.com/12900
Reviewed-by: Rob Pike <r@golang.org>
  • Loading branch information
@shazow @robpike
shazow authored and robpike committed Jul 30, 2015
1 parent b7205b9 commit 7cabade
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/math/rand/rand.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@
// sequence of values each time a program is run. Use the Seed function to
// initialize the default Source if different behavior is required for each run.
// The default Source is safe for concurrent use by multiple goroutines.
//
// For random numbers suitable for security-sensitive work, see the crypto/rand
// package.
package rand

import "sync"
Expand Down

0 comments on commit 7cabade

Please sign in to comment.