From: Andrey Petrov <andrey.petrov@shazow.net>
Date: Thu, 30 Jul 2015 09:47:01 +0000 (+0200)
Subject: math/rand: warn against using package for security-sensitive work
X-Git-Tag: go1.5rc1~90
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=7cabaded5118883a8e038df6c4365cbca4df7f1e;p=gostls13.git

math/rand: warn against using package for security-sensitive work

Urge users of math/rand to consider using crypto/rand when doing
security-sensitive work.

Related to issue #11871. While we haven't reached consensus on how
to make the package inherently safer, everyone agrees that the docs
for math/rand can be improved.

Change-Id: I576a312e51b2a3445691da6b277c7b4717173197
Reviewed-on: https://go-review.googlesource.com/12900
Reviewed-by: Rob Pike <r@golang.org>
---

diff --git a/src/math/rand/rand.go b/src/math/rand/rand.go
index 3ffb5c4e5c..6360128e39 100644
--- a/src/math/rand/rand.go
+++ b/src/math/rand/rand.go
@@ -9,6 +9,9 @@
 // sequence of values each time a program is run. Use the Seed function to
 // initialize the default Source if different behavior is required for each run.
 // The default Source is safe for concurrent use by multiple goroutines.
+//
+// For random numbers suitable for security-sensitive work, see the crypto/rand
+// package.
 package rand
 
 import "sync"