Use of weak random number generator (math/rand instead of crypto/rand)
255 StartKey: []byte(""),
256 EndKey: []byte(""),
257 RegionEpoch: &metapb.RegionEpoch{ConfVer: 6, Version: 6},
258 Leader: peers[rand.Intn(3)],259 }
260
261 switch kind {Use of weak random number generator (math/rand instead of crypto/rand)
1334 Peers: peers,
1335 StartKey: []byte(fmt.Sprintf("s_%02d", i)),
1336 EndKey: []byte(fmt.Sprintf("s_%02d", i+1)),
1337 Leader: peers[rand.Intn(4)%3],1338 })
1339 id += 4
1340 }Use of weak random number generator (math/rand instead of crypto/rand)
1265 Peers: peers,
1266 StartKey: []byte(fmt.Sprintf("s_%02d", i)),
1267 EndKey: []byte(fmt.Sprintf("s_%02d", i+1)),
1268 Leader: peers[rand.Intn(4)%3],1269 })
1270 id += 4
1271 }
Description
math/rand is much faster for applications that don’t need crypto-level or security-related random data generation. crypto/rand is suited for secure and crypto-ready usage, but it’s slower. But in most cases, crypto/rand is likely to be more suitable, unless the performance is critical but the application's security is not (which is rare).
It is highly recommended to use crypto/rand when needing to be secure with random numbers such as generating session ID in a web application.
- crypto/rand package
- math/rand package
Bad practice
package main
import "math/rand"
func main() {
bad := rand.Int()
println(bad)
}
Recommended
package main
import "crypto/rand"
func main() {
good, _ := rand.Read(nil)
println(good)
}