From 7cabaded5118883a8e038df6c4365cbca4df7f1e Mon Sep 17 00:00:00 2001
From: Andrey Petrov <andrey.petrov@shazow.net>
Date: Thu, 30 Jul 2015 11:47:01 +0200
Subject: [PATCH] math/rand: warn against using package for security-sensitive
 work

Urge users of math/rand to consider using crypto/rand when doing
security-sensitive work.

Related to issue #11871. While we haven't reached consensus on how
to make the package inherently safer, everyone agrees that the docs
for math/rand can be improved.

Change-Id: I576a312e51b2a3445691da6b277c7b4717173197
Reviewed-on: https://go-review.googlesource.com/12900
Reviewed-by: Rob Pike <r@golang.org>
---
 src/math/rand/rand.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/math/rand/rand.go b/src/math/rand/rand.go
index 3ffb5c4e5c..6360128e39 100644
--- a/src/math/rand/rand.go
+++ b/src/math/rand/rand.go
@@ -9,6 +9,9 @@
 // sequence of values each time a program is run. Use the Seed function to
 // initialize the default Source if different behavior is required for each run.
 // The default Source is safe for concurrent use by multiple goroutines.
+//
+// For random numbers suitable for security-sensitive work, see the crypto/rand
+// package.
 package rand
 
 import "sync"