math/rand: warn against using package for security-sensitive work

Urge users of math/rand to consider using crypto/rand when doing security-sensitive work. Related to issue #11871. While we haven't reached consensus on how to make the package inherently safer, everyone agrees that the docs for math/rand can be improved. Change-Id: I576a312e51b2a3445691da6b277c7b4717173197 Reviewed-on: https://go-review.googlesource.com/12900Reviewed-by: Rob Pike <r@golang.org>

math/rand: warn against using package for security-sensitive work
Urge users of math/rand to consider using crypto/rand when doing security-sensitive work. Related to issue #11871. While we haven't reached consensus on how to make the package inherently safer, everyone agrees that the docs for math/rand can be improved. Change-Id: I576a312e51b2a3445691da6b277c7b4717173197 Reviewed-on: https://go-review.googlesource.com/12900Reviewed-by: Rob Pike <r@golang.org>
7cabaded · Andrey Petrov · Rob Pike · b7205b92 · 7cabaded
Commit 7cabaded authored Jul 30, 2015 by Andrey Petrov Committed by Rob Pike Jul 30, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

rand.go src/math/rand/rand.go +3 -0

No files found.
--- a/src/math/rand/rand.go
+++ b/src/math/rand/rand.go
@@ -9,6 +9,9 @@
 // sequence of values each time a program is run. Use the Seed function to
 // initialize the default Source if different behavior is required for each run.
 // The default Source is safe for concurrent use by multiple goroutines.
+//
+// For random numbers suitable for security-sensitive work, see the crypto/rand
+// package.
 package rand

 import "sync"