Subj : Secure Randomness in Go 1.22 (Go Blog)
To   : All
From : LWN.net
Date : Tue May 07 2024 14:00:06

Secure Randomness in Go 1.22 (Go Blog)

Date:
Tue, 07 May 2024 12:46:53 +0000

Description:
The Go Blog has a detailed
article on the new, more secure random-number generator implemented for
the 1.22 release. For example, when Go 1.20 deprecated math/rand's Read, we 
heard
	from developers who discovered (thanks to tooling pointing out use
	of deprecated functionality) they had been using it in places where
	crypto/rand's Read was definitely needed, like generating key
	material. Using Go 1.20, that mistake is a serious security problem
	that merits a detailed investigation to understand the
	damage. Where were the keys used? How were the keys exposed? Were
	other random outputs exposed that might allow an attacker to derive
	the keys? And so on. Using Go 1.22, that mistake is just a mistake.

======================================================================
Link to news story:
https://lwn.net/Articles/972680/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.