Navigation
Recherche
|
Secure Randomness in Go 1.22 (Go Blog)
mardi 7 mai 2024, 14:46 , par LWN.net
The Go Blog has a detailed
article on the new, more secure random-number generator implemented for the 1.22 release. For example, when Go 1.20 deprecated math/rand's Read, we heard from developers who discovered (thanks to tooling pointing out use of deprecated functionality) they had been using it in places where crypto/rand's Read was definitely needed, like generating key material. Using Go 1.20, that mistake is a serious security problem that merits a detailed investigation to understand the damage. Where were the keys used? How were the keys exposed? Were other random outputs exposed that might allow an attacker to derive the keys? And so on. Using Go 1.22, that mistake is just a mistake.
https://lwn.net/Articles/972680/
|
56 sources (32 en français)
Date Actuelle
jeu. 21 nov. - 20:56 CET
|