Use crypto/rand instead of math/rand in correlationvector

Question

Use crypto/rand instead of math/rand in correlationvector

Opened this issue 4 years ago · 0 comments

Issue: correlationvector.go uses PRNG from math/rand which uses the same seed which would yield the same CV unless developer explicitly calls rand.Seed to initialize generator with a new seed [1].

One possible remediation would be using crypto/rand instead of math/random.

Possible workaround for existing apps would be using code like rand.Seed(time.Now().UnixNano()) by developer.

P.S.:

article explaining random generator
More details on math seed behavior: https://golang.org/pkg/math/rand/#Seed