MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
were
Search

Secure Randomness in Go 1.22 (Go Blog)

Tuesday May 7, 2024. 02:46 PM , from LWN.net
The Go Blog has a detailed
article on the new, more secure random-number generator implemented for
the 1.22 release.

For example, when Go 1.20 deprecated math/rand's Read, we heard
from developers who discovered (thanks to tooling pointing out use
of deprecated functionality) they had been using it in places where
crypto/rand's Read was definitely needed, like generating key
material. Using Go 1.20, that mistake is a serious security problem
that merits a detailed investigation to understand the
damage. Where were the keys used? How were the keys exposed? Were
other random outputs exposed that might allow an attacker to derive
the keys? And so on. Using Go 1.22, that mistake is just a mistake.
https://lwn.net/Articles/972680/

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Fri 1 - 01:11 CET