Hi,
Using 27.1.2, the compiler tells me:
fwknop.erl:78:25: Warning: crypto:rand_uniform/2 is deprecated; use rand:uniform/1 instead
As far as I can tell, rand_uniform is not cryptographically secure, whereas crypto:rand_uniform was intended to be, and probably (?) was, at least from about OTP 20 onwards.
Is the compiler’s advice as bad as it seems?
Matthias
Before crypto 3.0 the API used is BN_pseudo_rand_range which is documented as:
pseudo-random numbers generated by this function are not necessarily unpredictable
Reference: BN_rand_range(3)
When running crypto 3.0 it uses BN_rand_range which is cryptographically secure. So it depends on which version of libcrypto you are using. The deprecation of crypto:rand_uniform was done long before crypto 3.0 was created.
So using rand instead is a good option. If you want something that is cryptographically secure no matter which version of crypto you have, you should use strong rand bytes.
This should probably be made clear in the crypto docs. A PR would be most welcome.
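An added example, not code from either poster or from OTP: one way to get a uniform integer in the same half-open range as crypto:rand_uniform/2 (Lo =< N < Hi) using only crypto:strong_rand_bytes/1, so the result does not depend on which libcrypto is linked. The module name `secure_uniform` and its function names are assumptions made for illustration.

```erlang
-module(secure_uniform).
-export([uniform/2]).

%% Return an integer N with Lo =< N < Hi, drawn uniformly using only
%% crypto:strong_rand_bytes/1 as the randomness source.
-spec uniform(integer(), integer()) -> integer().
uniform(Lo, Hi) when is_integer(Lo), is_integer(Hi), Lo < Hi ->
    Range = Hi - Lo,
    Bits = bit_length(Range - 1),
    Lo + draw(Range, Bits).

%% Rejection sampling: take exactly Bits random bits and retry when the
%% candidate falls outside the range. Reducing with `rem` instead would
%% bias the result towards small values whenever Range is not a power
%% of two.
draw(1, _Bits) ->
    0;
draw(Range, Bits) ->
    NBytes = (Bits + 7) div 8,
    Raw = binary:decode_unsigned(crypto:strong_rand_bytes(NBytes)),
    %% Mask off the surplus high bits so each attempt succeeds with
    %% probability greater than 1/2.
    Candidate = Raw band ((1 bsl Bits) - 1),
    case Candidate < Range of
        true  -> Candidate;
        false -> draw(Range, Bits)
    end.

%% Number of bits needed to represent the non-negative integer N.
bit_length(0) -> 0;
bit_length(N) when N > 0 -> 1 + bit_length(N bsr 1).
```

crypto:strong_rand_bytes/1 raises `low_entropy` if the generator could not be seeded, so a caller that must not crash should handle that exception.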