Merge pull request #2014 from hashicorp/f-secure-rand

Use a cryptographically secure seed
This commit is contained in:
James Phillips 2016-05-09 20:07:28 -07:00
commit 2f0a95a2d9
1 changed files with 17 additions and 1 deletions

View File

@ -1,6 +1,9 @@
package lib
import (
crand "crypto/rand"
"math"
"math/big"
"math/rand"
"sync"
"time"
@ -8,11 +11,24 @@ import (
var (
once sync.Once
// SeededSecurely is set to true if a cryptographically secure seed
// was used to initialize rand. When false, the start time is used
// as a seed.
SeededSecurely bool
)
// SeedMathRand provides weak, but guaranteed seeding, which is better than
// running with Go's default seed of 1. A call to SeedMathRand() is expected
// to be called via init(), but never a second time.
func SeedMathRand() {
once.Do(func() { rand.Seed(time.Now().UTC().UnixNano()) })
once.Do(func() {
n, err := crand.Int(crand.Reader, big.NewInt(math.MaxInt64))
if err != nil {
rand.Seed(time.Now().UTC().UnixNano())
return
}
rand.Seed(n.Int64())
SeededSecurely = true
})
}