security fix: Use of insufficient randomness as the key of a cryptographic algorithm

author: mhsanaei <ho3ein.sanaei@gmail.com> 2025-09-21 18:59:17 +0300
committer: mhsanaei <ho3ein.sanaei@gmail.com> 2025-09-21 18:59:17 +0300
commit: ae79b43cdb1fdcec772e9c411bb81243cae1de0a (patch)
tree: 6eb4c88d6b52da648b86c90c8fd0bbb94cd24703
parent: e64e6327ef4cfda8f612c98882fe649c02918ac7 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/util/random/random.go b/util/random/random.go
index 9610e26c..c746df63 100644
--- a/util/random/random.go
+++ b/util/random/random.go
@@ -2,7 +2,8 @@
 package random
 
 import (
-	"math/rand"
+	"crypto/rand"
+	"math/big"
 )
 
 var (
@@ -40,12 +41,21 @@ func init() {
 func Seq(n int) string {
 	runes := make([]rune, n)
 	for i := 0; i < n; i++ {
-		runes[i] = allSeq[rand.Intn(len(allSeq))]
+		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(allSeq))))
+		if err != nil {
+			panic("crypto/rand failed: " + err.Error())
+		}
+		runes[i] = allSeq[idx.Int64()]
 	}
 	return string(runes)
 }
 
 // Num generates a random integer between 0 and n-1.
 func Num(n int) int {
-	return rand.Intn(n)
+	bn := big.NewInt(int64(n))
+	r, err := rand.Int(rand.Reader, bn)
+	if err != nil {
+		panic("crypto/rand failed: " + err.Error())
+	}
+	return int(r.Int64())
 }
author	mhsanaei <ho3ein.sanaei@gmail.com>	2025-09-21 18:59:17 +0300
committer	mhsanaei <ho3ein.sanaei@gmail.com>	2025-09-21 18:59:17 +0300
commit	ae79b43cdb1fdcec772e9c411bb81243cae1de0a (patch)
tree	6eb4c88d6b52da648b86c90c8fd0bbb94cd24703
parent	e64e6327ef4cfda8f612c98882fe649c02918ac7 (diff)