doudi1979 2018-10-17 19:50
浏览 201
已采纳

在“ crypto / rand”成功之前生成随机字符串是个好主意吗?

Is it a good idea to generate a secure random hex string until the process succeeds?

All examples I've come across show that if rand.Read returns error, we should panic, os.Exit(1) or return empty string and the error.

I need my program to continue to function in case of such errors and wait until a random string is generated. Is it a good idea to loop until the string is generated, any pitfalls with that?

import "crypto/rand"

func RandomHex() string {
    var buf [16]byte
    for {
        _, err := rand.Read(buf[:])
        if err == nil {
            break
        }
    }
    return hex.EncodeToString(buf[:])
}
  • 写回答

2条回答 默认 最新

  • doulei3488 2018-10-17 21:55
    关注

    Is it a good idea to loop until the string is generated,

    That depends. Probably yes.

    any pitfalls with that?

    You discard the random bytes read on error. And this in a tight loop. This may drain you entropy source (depending on the OS) faster than it can be filled.

    Instead of an unbound infinite loop: Break after n rounds and give up. Graceful degradation or stopping is best: If your program is stuck in an endless loop it is also not "continue"ing.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值