Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

security - Why is gosec complaining about G404 Use of weak random number generator (math/rand instead of crypto/rand)?

I have this code in my hobby project:

import (
    "math/rand"
    "time"
)

func getRandomBool() bool {
  return rand.Int31()&(1<<30) == 0
}

func getRandomInt(min, max int) int {
  return rand.Intn(max-min+1) + min
}

func getRandomDate(min, max int64) time.Time {
  delta := max - min

  sec := rand.Int63n(delta) + min

  return time.Unix(sec, 0)
}

Why is gosec complaining about each line with rand...?

G404: Use of weak random number generator (math/rand instead of crypto/rand) (gosec)

I think it thinks this code is for generating something super secret: which is not!

Am I wrong?

question from:https://stackoverflow.com/questions/66056065/why-is-gosec-complaining-about-g404-use-of-weak-random-number-generator-math-ra

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...