math/rand & crypto/rand

Go ships two packages for generating random values, and the choice between them is one of the most consequential decisions in the standard library. math/rand is fast and deterministic, designed for simulations, sampling, shuffling, and anywhere repeatability or speed matters more than secrecy. crypto/rand is slower and pulls from the operating system's entropy pool, designed for anything an attacker might try to guess. Mixing them up is a security bug. This chapter walks through both packages, the seeding history, and the decision rule that keeps you out of trouble.