10x faster than crypto/rand. Uses securely allocated memory. Forked from https://gitlab.com/NebulousLabs/fastrand
go get github.com/awnumar/fastrand
fastrandimplements a cryptographically secure pseudorandom number generator. The generator is seeded using the system's default entropy source, and thereafter produces random values via repeated hashing. As a result,
fastrandcan generate randomness much faster than
crypto/rand, and generation cannot fail beyond a potential panic during
fastrandwas forked from
gitlab.com/NebulousLabs/fastrand. This version of the package uses securely allocated memory provided by
fastrandalso scales better than
math/randwhen called in parallel. In fact,
fastrandcan even outperform
math/randwhen using enough threads. Luke Champine if you are primarily concerned with speed or if memory security is not part of your threat model.
frandis substantially faster than this package.
// 32 byte reads BenchmarkRead32 10000000 175 ns/op 181.86 MB/s BenchmarkReadCrypto32 500000 2733 ns/op 11.71 MB/s
// 512 kb reads BenchmarkRead512kb 1000 1336217 ns/op 383.17 MB/s BenchmarkReadCrypto512kb 50 33423693 ns/op 15.32 MB/s
// 32 byte reads using 4 threads BenchmarkRead4Threads32 3000000 392 ns/op 326.46 MB/s BenchmarkReadCrypto4Threads32 200000 7579 ns/op 16.89 MB/s
// 512 kb reads using 4 threads BenchmarkRead4Threads512kb 1000 1899048 ns/op 1078.43 MB/s BenchmarkReadCrypto4Threads512kb 20 97423380 ns/op 21.02 MB/s
fastranduses an algorithm similar to Fortuna, which is the basis for the
/dev/randomdevice in FreeBSD. However, although the techniques used by
fastrandare known to be secure, the specific implementation has not been reviewed by a security professional. Use with caution.
The general strategy is to use
crypto/randat init to get 32 bytes of strong entropy. From there, the entropy is concatenated to a counter and hashed repeatedly, providing 64 bytes of random output each time the counter is incremented. The counter is 16 bytes, which provides strong guarantees that a cycle will not be seen throughout the lifetime of the program.
sync/atomicpackage is used to ensure that multiple threads calling
fastrandconcurrently are always guaranteed to end up with unique counters.