math/big: add security warning to (*Int).Rand

Change-Id: I22a67733aa2d07298e124077654c9b1473802100 Reviewed-on: https://go-review.googlesource.com/76012 Reviewed-by: Aliaksandr Valialkin <valyala@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2024-11-19 13:14:42 -07:00 · 2017-11-05 14:33:21 -05:00 · 2017-11-05 14:33:21 -05:00 · ef0e2af7b0
commit ef0e2af7b0
parent b4c84a1b01
1 changed files with 3 additions and 0 deletions
--- a/src/math/big/int.go
+++ b/src/math/big/int.go
@ -644,6 +644,9 @@ func (z *Int) lehmerGCD(a, b *Int) *Int {
 }

 // Rand sets z to a pseudo-random number in [0, n) and returns z.
+//
+// As this uses the math/rand package, it must not be used for
+// security-sensitive work. Use crypto/rand.Int instead.
 func (z *Int) Rand(rnd *rand.Rand, n *Int) *Int {
 	z.neg = false
 	if n.neg || len(n.abs) == 0 {