Exploring crypto/rand of Go lang

Introduction:

In a recent benchmark test of a Go application, we noticed below branch which was surprisingly indicating 11.61% of whole CPU time is spent on generating the random UUID. This is a considerable fraction compared to the meaningfully spent time, as randomness or predictability were not big concerns in our use case. Here I leave a note on the context around this interesting syscall related with crypto/rand function of Go lang.

Syscall from crypto/rand package of Go lang

Crypto/rand in Go lang is a cryptographically secure random number generator (CSPRNG) which is designed to be unpredictable even if the internal implementation is exposed. It is to support security critical use cases where collisions or predictability will have dramatic consequences. To achieve this Crypto/rand has an interesting implementation which add to the cost, but serves the purpose well.

How Crypto/rand achieve randomness?

As explained in the documentation, https://pkg.go.dev/crypto/rand#pkg-variables it does a system call based on the underneath operating system to derive it’s randomness.

1. Linux, FreeBSD, Dragonfly, NetBSD, Solaris, Reader ->…