From f89a993ec6b91636a3384dd568898245fbc273a1 Mon Sep 17 00:00:00 2001
From: Alex Dadgar <alex.dadgar@gmail.com>
Date: Wed, 17 Feb 2016 11:47:02 -0800
Subject: [PATCH] Use crypto random seed

---
 nomad/server.go |  5 +++--
 nomad/util.go   | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/nomad/server.go b/nomad/server.go
index 2af167bea..edc90f2eb 100644
--- a/nomad/server.go
+++ b/nomad/server.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"log"
-	"math/rand"
 	"net"
 	"net/rpc"
 	"os"
@@ -249,7 +248,9 @@ func NewServer(config *Config) (*Server, error) {
 	go s.heartbeatStats()
 
 	// Seed the global random.
-	rand.Seed(time.Now().UnixNano())
+	if err := seedRandom(); err != nil {
+		return nil, err
+	}
 
 	// Done
 	return s, nil
diff --git a/nomad/util.go b/nomad/util.go
index a47154356..635a09172 100644
--- a/nomad/util.go
+++ b/nomad/util.go
@@ -2,6 +2,8 @@ package nomad
 
 import (
 	"fmt"
+	"math"
+	"math/big"
 	"math/rand"
 	"net"
 	"os"
@@ -10,6 +12,8 @@ import (
 	"strconv"
 	"time"
 
+	crand "crypto/rand"
+
 	"github.com/hashicorp/serf/serf"
 )
 
@@ -127,3 +131,15 @@ func rateScaledInterval(rate float64, min time.Duration, n int) time.Duration {
 	}
 	return interval
 }
+
+// seedRandom seeds the global random variable using a cryptographically random
+// seed. It returns an error if determing the random seed fails.
+func seedRandom() error {
+	n, err := crand.Int(crand.Reader, big.NewInt(math.MaxInt64))
+	if err != nil {
+		return err
+	}
+	rand.Seed(n.Int64())
+	return nil
+}
+