rand.Read() 和 io.ReadFull(rand.Reader) 的区别?

golang的随机包 rand.go 中我们可以看到 rand.Read 其实是调用的io.Reader.Read()

// Package rand implements a cryptographically secure
// pseudorandom number generator.
package rand

import "io"

// Reader is a global, shared instance of a cryptographically
// strong pseudo-random generator.
// On Unix-like systems, Reader reads from /dev/urandom.
// On Windows systems, Reader uses the CryptGenRandom API.
var Reader io.Reader

// Read is a helper function that calls Reader.Read.
func Read(b []byte) (n int, err error) { return Reader.Read(b) }

io.Reader.Read() 函数的说明如下：

Read reads up to len(p) bytes into p. It returns the number of bytes read (0 <= n <= len(p)) and any error encountered. Even if Read returns n < len(p), it may use all of p as scratch space during the call. If some data is available but not len(p) bytes, Read conventionally returns what is available instead of waiting for more.

简单来说，它读出的数据，并不一定是指定长度的。

 

io.ReadFull 函数则相反：

ReadFull reads exactly len(buf) bytes from r into buf. It returns the number of bytes copied and an error if fewer bytes were read. The error is EOF only if no bytes were read. If an EOF happens after reading some but not all the bytes, ReadFull returns ErrUnexpectedEOF. On return, n == len(buf) if and only if err == nil.

读取正好len(buf)长度的字节。如果字节数不是指定长度，则返回错误信息和正确的字节数。

当没有字节能被读时，返回EOF错误。

如果读了一些，但是没读完产生EOF错误时，返回ErrUnexpectedEOF错误。

综上对比，获取随机数时，最好是下面的写法。

import crand "crypto/rand"

r := make([]byte, length)

if _, err := io.ReadFull(crand.Reader, r); err != nil {
    panic("error reading from random source: " + err.Error())
}

 

参考资料：

rand.Read() or io.ReadFull(rand.Reader)?
https://groups.google.com/forum/#!topic/golang-nuts/eFS5GN-en3w