MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
were
Recherche

Secure Randomness in Go 1.22 (Go Blog)

mardi 7 mai 2024, 14:46 , par LWN.net
The Go Blog has a detailed
article on the new, more secure random-number generator implemented for
the 1.22 release.

For example, when Go 1.20 deprecated math/rand's Read, we heard
from developers who discovered (thanks to tooling pointing out use
of deprecated functionality) they had been using it in places where
crypto/rand's Read was definitely needed, like generating key
material. Using Go 1.20, that mistake is a serious security problem
that merits a detailed investigation to understand the
damage. Where were the keys used? How were the keys exposed? Were
other random outputs exposed that might allow an attacker to derive
the keys? And so on. Using Go 1.22, that mistake is just a mistake.
https://lwn.net/Articles/972680/
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 21 nov. - 20:56 CET