From d81c3a628d7f2b1f79f613b843629ae912d0113c Mon Sep 17 00:00:00 2001
From: Alexei S <a.shpikat@gmail.com>
Date: Mon, 14 Feb 2022 23:43:39 +0300
Subject: [PATCH] Seed global random using crypto/rand. (#786)

---
 main.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/main.go b/main.go
index d25851299..aff2e5b6f 100644
--- a/main.go
+++ b/main.go
@@ -16,6 +16,8 @@ package main
 
 import (
 	"context"
+	cryptorand "crypto/rand"
+	"encoding/binary"
 	"flag"
 	"fmt"
 	"io/ioutil"
@@ -63,8 +65,6 @@ func main() {
 	semver := fmt.Sprintf("%s+%s", version, commitID)
 	// Always set default timeout on HTTP client.
 	http.DefaultClient.Timeout = 1500 * time.Millisecond
-	// Initialize the global random obj with customs seed.
-	rand.Seed(time.Now().UnixNano())
 
 	tmpLogger := server.NewJSONLogger(os.Stdout, zapcore.InfoLevel, server.JSONFormat)
 
@@ -103,6 +103,15 @@ func main() {
 	startupLogger.Info("Node", zap.String("name", config.GetName()), zap.String("version", semver), zap.String("runtime", runtime.Version()), zap.Int("cpu", runtime.NumCPU()), zap.Int("proc", runtime.GOMAXPROCS(0)))
 	startupLogger.Info("Data directory", zap.String("path", config.GetDataDir()))
 
+	// Initialize the global random obj with customs seed.
+	var seed int64
+	err := binary.Read(cryptorand.Reader, binary.BigEndian, &seed)
+	if err != nil {
+		startupLogger.Warn("Failed to get strongly random seed, fallback to a less random one.", zap.Error(err))
+		seed = time.Now().UnixNano()
+	}
+	rand.Seed(seed)
+
 	redactedAddresses := make([]string, 0, 1)
 	for _, address := range config.GetDatabase().Addresses {
 		rawURL := fmt.Sprintf("postgres://%s", address)
-- 
GitLab