Skip to content

chore: use math/rand/v2 instead of math/rand #363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
WeidiDeng wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore: use math/rand/v2 instead of math/rand #363

WeidiDeng wants to merge 1 commit into from
+6 −6

Conversation

@WeidiDeng
Copy link
Member

@WeidiDeng WeidiDeng commented Jan 1, 2026

Similar to 7413.

mholt
mholt requested changes Jan 12, 2026
View reviewed changes
Copy link
Member

@mholt mholt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Weidi! I just noticed one thing I wanted to check on.

config.go
key := fmt.Sprintf("rw_test_%d", weakrand.Int())
contents := make([]byte, 1024*10) // size sufficient for one or two ACME resources
_, err := weakrand.Read(contents)
_, err := rand.Read(contents)
Copy link
Member

@mholt mholt Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
_, err := rand.Read(contents)
_, err := weakrand.Read(contents)

Should be weakrand, right?

Copy link
Member Author

@WeidiDeng WeidiDeng Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this supposed to be cryptographically secure? math/rand/v2 doesn't have a package level 'Read' but it's easy to fill the content using random number generators.

certificates.go
"errors"
"fmt"
"math/rand"
"math/rand/v2"
Copy link
Member

@mholt mholt Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should import this as weakrand for consistency with other files. It's a convention that helps ensure readers know the package is not strong enough for cryptographic use. But then again I guess linters do this too, so I dunno.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mholt mholt mholt requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@WeidiDeng @mholt