Secure Randomness in Go 1.22
(go.dev)
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 07 May 2024 06:15
https://inks.tedunangst.com/l/5116
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 07 May 2024 06:15
https://inks.tedunangst.com/l/5116
Computers aren’t random. On the contrary, hardware designers work very hard to make sure computers run every program the same way every time. So when a program does need random numbers, that requires extra effort. Traditionally, computer scientists and programming languages have distinguished between two different kinds of random numbers: statistical and cryptographic randomness. In Go, those are provided by math/rand and crypto/rand, respectively. This post is about how Go 1.22 brings the two closer together, by using a cryptographic random number source in math/rand (as well as math/rand/v2, as mentioned in our previous post). The result is better randomness and far less damage when developers accidentally use math/rand instead of crypto/rand.
#development #go #programming #random #security #update
#development #go #inks #programming #random #security #update
threaded - newest