lightningdevkit · tnull · Oct 29, 2025 · Oct 29, 2025 · Oct 30, 2025 · tankyleo
diff --git a/Cargo.toml b/Cargo.toml
@@ -90,7 +90,7 @@ bip39 = "2.0.0"
 bip21 = { version = "0.5", features = ["std"], default-features = false }
 
 base64 = { version = "0.22.1", default-features = false, features = ["std"] }
-rand = "0.8.5"
+rand = { version = "0.9.2", default-features = false, features = ["std", "thread_rng", "os_rng"] }
 chrono = { version = "0.4", default-features = false, features = ["clock"] }
 tokio = { version = "1.37", default-features = false, features = [ "rt-multi-thread", "time", "sync", "macros" ] }
 esplora-client = { version = "0.12", default-features = false, features = ["tokio", "async-https-rustls"] }

diff --git a/src/event.rs b/src/event.rs
@@ -30,7 +30,7 @@ use lightning::util::persist::KVStoreSync;
 use lightning::util::ser::{Readable, ReadableArgs, Writeable, Writer};
 use lightning_liquidity::lsps2::utils::compute_opening_fee;
 use lightning_types::payment::{PaymentHash, PaymentPreimage};
-use rand::{thread_rng, Rng};
+use rand::{rng, Rng};
 
 use crate::config::{may_announce_channel, Config};
 use crate::connection::ConnectionManager;
@@ -1137,7 +1137,7 @@ where
 					}
 				}
 
-				let user_channel_id: u128 = thread_rng().gen::<u128>();
+				let user_channel_id: u128 = rng().random();
 				let allow_0conf = self.config.trusted_peers_0conf.contains(&counterparty_node_id);
 				let mut channel_override_config = None;
 				if let Some((lsp_node_id, _)) = self

diff --git a/src/io/test_utils.rs b/src/io/test_utils.rs
@@ -18,8 +18,8 @@ use lightning::util::persist::{
 };
 use lightning::util::test_utils;
 use lightning::{check_added_monitors, check_closed_broadcast, check_closed_event};
-use rand::distributions::Alphanumeric;
-use rand::{thread_rng, Rng};
+use rand::distr::Alphanumeric;
+use rand::{rng, Rng};
 
 type TestMonitorUpdatePersister<'a, K> = MonitorUpdatingPersister<
 	&'a K,
@@ -34,7 +34,7 @@ const EXPECTED_UPDATES_PER_PAYMENT: u64 = 5;
 
 pub(crate) fn random_storage_path() -> PathBuf {
 	let mut temp_path = std::env::temp_dir();
-	let mut rng = thread_rng();
+	let mut rng = rng();
 	let rand_dir: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 	temp_path.push(rand_dir);
 	temp_path

diff --git a/src/io/utils.rs b/src/io/utils.rs
@@ -35,7 +35,8 @@ use lightning::util::persist::{
 };
 use lightning::util::ser::{Readable, ReadableArgs, Writeable};
 use lightning_types::string::PrintableString;
-use rand::{thread_rng, RngCore};
+use rand::rngs::OsRng;
+use rand::TryRngCore;
 
 use super::*;
 use crate::chain::ChainSource;
@@ -63,7 +64,7 @@ pub const EXTERNAL_PATHFINDING_SCORES_CACHE_KEY: &str = "external_pathfinding_sc
 pub fn generate_entropy_mnemonic() -> Mnemonic {
 	// bip39::Mnemonic supports 256 bit entropy max
 	let mut entropy = [0; 32];
-	thread_rng().fill_bytes(&mut entropy);
+	OsRng.try_fill_bytes(&mut entropy).expect("Failed to generate entropy");
 	Mnemonic::from_entropy(&entropy).unwrap()
 }
 
@@ -96,7 +97,10 @@ where
 		Ok(key)
 	} else {
 		let mut key = [0; WALLET_KEYS_SEED_LEN];
-		thread_rng().fill_bytes(&mut key);
+		OsRng.try_fill_bytes(&mut key).map_err(|e| {
+			log_error!(logger, "Failed to generate entropy: {}", e);
+			std::io::Error::new(std::io::ErrorKind::Other, "Failed to generate seed bytes")
+		})?;
 
 		if let Some(parent_dir) = Path::new(&keys_seed_path).parent() {
 			fs::create_dir_all(parent_dir).map_err(|e| {

diff --git a/src/io/vss_store.rs b/src/io/vss_store.rs
@@ -592,7 +592,7 @@ pub(crate) struct RandEntropySource;
 
 impl EntropySource for RandEntropySource {
 	fn fill_bytes(&self, buffer: &mut [u8]) {
-		rand::thread_rng().fill_bytes(buffer);
+		rand::rng().fill_bytes(buffer);
 	}
 }
 
@@ -604,8 +604,8 @@ impl RefUnwindSafe for VssStore {}
 mod tests {
 	use std::collections::HashMap;
 
-	use rand::distributions::Alphanumeric;
-	use rand::{thread_rng, Rng, RngCore};
+	use rand::distr::Alphanumeric;
+	use rand::{rng, Rng, RngCore};
 	use vss_client::headers::FixedHeaders;
 
 	use super::*;
@@ -615,7 +615,7 @@ mod tests {
 	#[test]
 	fn vss_read_write_remove_list_persist() {
 		let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
-		let mut rng = thread_rng();
+		let mut rng = rng();
 		let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 		let mut vss_seed = [0u8; 32];
 		rng.fill_bytes(&mut vss_seed);
@@ -631,7 +631,7 @@ mod tests {
 	#[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 	async fn vss_read_write_remove_list_persist_in_runtime_context() {
 		let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap();
-		let mut rng = thread_rng();
+		let mut rng = rng();
 		let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 		let mut vss_seed = [0u8; 32];
 		rng.fill_bytes(&mut vss_seed);

diff --git a/src/lib.rs b/src/lib.rs
@@ -1117,7 +1117,7 @@ impl Node {
 		}
 
 		let push_msat = push_to_counterparty_msat.unwrap_or(0);
-		let user_channel_id: u128 = rand::thread_rng().gen::<u128>();
+		let user_channel_id: u128 = rand::rng().random();
 
 		match self.channel_manager.create_channel(
 			peer_info.node_id,

diff --git a/src/liquidity.rs b/src/liquidity.rs
@@ -562,7 +562,7 @@ where
 						return;
 					};
 
-					let user_channel_id: u128 = rand::thread_rng().gen::<u128>();
+					let user_channel_id: u128 = rand::rng().random();
 					let intercept_scid = self.channel_manager.get_intercept_scid();
 
 					if let Some(payment_size_msat) = payment_size_msat {

diff --git a/src/payment/bolt12.rs b/src/payment/bolt12.rs
@@ -84,7 +84,7 @@ impl Bolt12Payment {
 		let offer = maybe_deref(offer);
 
 		let mut random_bytes = [0u8; 32];
-		rand::thread_rng().fill_bytes(&mut random_bytes);
+		rand::rng().fill_bytes(&mut random_bytes);
 		let payment_id = PaymentId(random_bytes);
 		let retry_strategy = Retry::Timeout(LDK_PAYMENT_RETRY_TIMEOUT);
 		let route_params_config = RouteParametersConfig::default();
@@ -191,7 +191,7 @@ impl Bolt12Payment {
 		let offer = maybe_deref(offer);
 
 		let mut random_bytes = [0u8; 32];
-		rand::thread_rng().fill_bytes(&mut random_bytes);
+		rand::rng().fill_bytes(&mut random_bytes);
 		let payment_id = PaymentId(random_bytes);
 		let retry_strategy = Retry::Timeout(LDK_PAYMENT_RETRY_TIMEOUT);
 		let route_params_config = RouteParametersConfig::default();
@@ -408,7 +408,7 @@ impl Bolt12Payment {
 		payer_note: Option<String>,
 	) -> Result<Refund, Error> {
 		let mut random_bytes = [0u8; 32];
-		rand::thread_rng().fill_bytes(&mut random_bytes);
+		rand::rng().fill_bytes(&mut random_bytes);
 		let payment_id = PaymentId(random_bytes);
 
 		let absolute_expiry = (SystemTime::now() + Duration::from_secs(expiry_secs as u64))

diff --git a/tests/common/mod.rs b/tests/common/mod.rs
@@ -43,8 +43,8 @@ use lightning_invoice::{Bolt11InvoiceDescription, Description};
 use lightning_persister::fs_store::FilesystemStore;
 use lightning_types::payment::{PaymentHash, PaymentPreimage};
 use logging::TestLogWriter;
-use rand::distributions::Alphanumeric;
-use rand::{thread_rng, Rng};
+use rand::distr::Alphanumeric;
+use rand::{rng, Rng};
 use serde_json::{json, Value};
 
 macro_rules! expect_event {
@@ -191,15 +191,15 @@ pub(crate) fn setup_bitcoind_and_electrsd() -> (BitcoinD, ElectrsD) {
 
 pub(crate) fn random_storage_path() -> PathBuf {
 	let mut temp_path = std::env::temp_dir();
-	let mut rng = thread_rng();
+	let mut rng = rng();
 	let rand_dir: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 	temp_path.push(rand_dir);
 	temp_path
 }
 
 pub(crate) fn random_port() -> u16 {
-	let mut rng = thread_rng();
-	rng.gen_range(5000..32768)
+	let mut rng = rng();
+	rng.random_range(5000..32768)
 }
 
 pub(crate) fn random_listening_addresses() -> Vec<SocketAddress> {
@@ -216,8 +216,8 @@ pub(crate) fn random_listening_addresses() -> Vec<SocketAddress> {
 }
 
 pub(crate) fn random_node_alias() -> Option<NodeAlias> {
-	let mut rng = thread_rng();
-	let rand_val = rng.gen_range(0..1000);
+	let mut rng = rng();
+	let rand_val = rng.random_range(0..1000);
 	let alias = format!("ldk-node-{}", rand_val);
 	let mut bytes = [0u8; 32];
 	bytes[..alias.as_bytes().len()].copy_from_slice(alias.as_bytes());

diff --git a/tests/integration_tests_cln.rs b/tests/integration_tests_cln.rs
@@ -22,8 +22,8 @@ use ldk_node::bitcoin::Amount;
 use ldk_node::lightning::ln::msgs::SocketAddress;
 use ldk_node::{Builder, Event};
 use lightning_invoice::{Bolt11Invoice, Bolt11InvoiceDescription, Description};
-use rand::distributions::Alphanumeric;
-use rand::{thread_rng, Rng};
+use rand::distr::Alphanumeric;
+use rand::{rng, Rng};
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
 async fn test_cln() {
@@ -99,7 +99,7 @@ async fn test_cln() {
 	let user_channel_id = common::expect_channel_ready_event!(node, cln_node_id);
 
 	// Send a payment to CLN
-	let mut rng = thread_rng();
+	let mut rng = rng();
 	let rand_label: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect();
 	let cln_invoice =
 		cln_client.invoice(Some(10_000_000), &rand_label, &rand_label, None, None, None).unwrap();