RandSeq is deterministic

[cxhernandez]

According to the Go docs about the math/rand package:

The default number generator is deterministic, so it’ll produce the same sequence of numbers each time by default. To produce varying sequences, give it a seed that changes. Note that this is not safe to use for random numbers you intend to be secret, use crypto/rand for those.

So is RandSeq supposed to be deterministic?

[peastman]

It sounds like it, unless the seed value is being set somewhere first. What is that function used for?

[cxhernandez]

I don't see a call to rand.Seed anywhere 😕

It's used here to generate some sort of authorization token, and again here to generate a unique stream ID.

[peastman]

If the only requirement for those tokens is that they be unique within a run of the server, that's probably fine. If they need to be unique across runs, then it's important to set the seed. And if they need to be cryptographically secure (impossible to predict), then that's the wrong random number generator to use.

[cxhernandez]

If they need to be unique across runs, then it's important to set the seed.

I think to be absolutely safe this is what is required for the token, which is sent out to each client stream.