I will see people use this method to random seed init for Go to make random!
func init() {
rand.Seed(time.Now().UTC().UnixNano())
}
I am 100% sure this method is not safe, guess time.Now().UTC().UnixNano() is 1000X> easy then find real generated random password
Does any one have an idea, also call windows api to generate random seed is good idea I think?
If security is important to begin with, then you should "drop" math/rand and use crypto/rand in the first place.
If security is "not" important, then seeding with time.Now().UnixNano() is perfectly fine. (Note that it is needless to call Time.UTC() because Time.UnixNano() returns the Unix time which is specified to be in UTC.)
Note that there are 2592000000000000 nanoseconds in 24 hours, so even if the day is known, theoretically there are 2.592*1015 different seed combinations, perfectly enough for non-secure scenarios.
rand.Seed() is to seed the global Rand of the math/rand package. You don't have to (you can't) seed the crypto/rand package.
See possible duplicate: Generate random string WITHOUT time?
See related questions: