From 0a6b5817a9b0d2de78e6b18d321c27c8a05bd97a Mon Sep 17 00:00:00 2001
From: Adam Crowder <adam@adamcrowder.net>
Date: Mon, 11 May 2020 18:57:04 -0700
Subject: [PATCH] use cryptographically secure rng seed

Signed-off-by: Adam Crowder <adam@adamcrowder.net>
---
 server/server.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index 5a7168a..731fde2 100644
--- a/server/server.go
+++ b/server/server.go
@@ -28,6 +28,8 @@ import (
 	"errors"
 	gorillaHandlers "github.com/gorilla/handlers"
 	"log"
+	crypto_rand "crypto/rand"
+	"encoding/binary"
 	"math/rand"
 	"mime"
 	"net/http"
@@ -306,7 +308,11 @@ func New(options ...OptionFn) (*Server, error) {
 }
 
 func init() {
-	rand.Seed(time.Now().UTC().UnixNano())
+	var seedBytes [8]byte
+	if _, err := crypto_rand.Read(seedBytes[:]); err != nil {
+		panic("cannot obtain cryptographically secure seed")
+	}
+	rand.Seed(int64(binary.LittleEndian.Uint64(seedBytes[:])))
 }
 
 func (s *Server) Run() {