Are the values generated by RandomString cryptographically random? Can you share any details on how you generate those random strings?

The RandomString under the hood calls the go Random reader, which is a global, shared instance of a cryptographically secure random number generator.

  • On Linux and FreeBSD, Reader uses getrandom(2) if available, /dev/urandom otherwise.
  • On OpenBSD, Reader uses getentropy(2).
  • On other Unix-like systems, Reader reads from /dev/urandom.
  • On Windows systems, Reader uses the RtlGenRandom API.
  • On Wasm, Reader uses the Web Crypto API.