---------- Forwarded message ----------
From: Theo de Raadt
Date: Wed, Sep 9, 2015 at 10:36 AM
Subject: Re: getentropy, getrandom, arc4random()
To: guido@python.org

> Yet another thing. Where do you see that Go and Swift have secure random as
> a keyword? Searching for "golang random" gives the math/rand package as the
> first hit, which has a note reminding the reader to use crypto/rand for
> security work.
yes, well, look at the other phrase it uses...

    that produces a deterministic sequence of values each time a program is run

it documents itself as being decidedly non-random. that documentation
change happened soon after this event:
https://lwn.net/Articles/625506/
these days, the one people are using is found using "go secure random"
https://golang.org/pkg/crypto/rand/
that opens /dev/urandom or uses the getrandom system call depending on
system. it also has support for the windows entropy API. it pulls
data into a large buffer, a cache. then each subsequent call, it
consumes some, until it runs out, and has to do a fresh read. it
appears to not clean the buffer behind itself, probably for
performance reasons, so the memory is left active. (forward secrecy
violated)
i don't think they are doing the best they can... i think they should
get forward secrecy and higher performance by having an in-process
chacha. but you can sense the trend.
here's an example of the fallout..
https://github.com/golang/go/issues/9205
> For Swift it's much the same -- there's an arc4random() in
> the Darwin package but nothing in the core language.
that is what people are led to use.
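The two properties discussed in the message above, shown as an added Go example (this is not code from the email, from the Go project, or from Theo de Raadt): an explicitly seeded math/rand source reproduces the same sequence on every run, and a buffered reader over a secure source can wipe each byte of its cache as soon as it is handed out, so the cache does not retain past output. The `ZeroingReader` type is a hypothetical wrapper written for this example, not Go's own crypto/rand implementation; it sits on top of `crypto/rand.Reader` rather than an in-process ChaCha stream so it stays standard-library only. `cycleSource` is a constructed deterministic reader used only so the checks can run offline.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"io"
	mrand "math/rand"
)

// DeterministicSample draws n values from an explicitly seeded math/rand
// source. Two calls with the same seed return the same slice: the
// "deterministic sequence" the math/rand documentation warns about.
func DeterministicSample(seed int64, n int) []int {
	r := mrand.New(mrand.NewSource(seed))
	out := make([]int, n)
	for i := range out {
		out[i] = r.Intn(1000)
	}
	return out
}

// ZeroingReader is a hypothetical buffered wrapper around a secure source
// (not Go's crypto/rand implementation). It refills its cache in large reads
// for throughput but wipes every byte as soon as it has been served, so the
// cache never holds output that a later memory read could recover.
type ZeroingReader struct {
	src io.Reader
	buf []byte
	off int // first unconsumed byte; off == len(buf) means the cache is empty
}

func NewZeroingReader(src io.Reader, size int) *ZeroingReader {
	return &ZeroingReader{src: src, buf: make([]byte, size), off: size}
}

func (z *ZeroingReader) refill() error {
	if _, err := io.ReadFull(z.src, z.buf); err != nil {
		return err
	}
	z.off = 0
	return nil
}

// Read serves from the cache, refilling when it is exhausted.
func (z *ZeroingReader) Read(p []byte) (int, error) {
	n := 0
	for n < len(p) {
		if z.off == len(z.buf) {
			if err := z.refill(); err != nil {
				return n, err
			}
		}
		k := copy(p[n:], z.buf[z.off:])
		for i := z.off; i < z.off+k; i++ {
			z.buf[i] = 0 // wipe served bytes before advancing the cursor
		}
		z.off += k
		n += k
	}
	return n, nil
}

// ConsumedIsZeroed reports whether the already-served part of the cache
// contains only zero bytes (the invariant the wiping loop maintains).
func (z *ZeroingReader) ConsumedIsZeroed() bool {
	for _, b := range z.buf[:z.off] {
		if b != 0 {
			return false
		}
	}
	return true
}

// PendingNonZero counts non-zero bytes still waiting in the cache; these
// are unavoidably live until they are served.
func (z *ZeroingReader) PendingNonZero() int {
	c := 0
	for _, b := range z.buf[z.off:] {
		if b != 0 {
			c++
		}
	}
	return c
}

// cycleSource is a constructed, deterministic io.Reader that emits
// 1,2,...,255,1,... (never 0); it exists only so the checks run offline.
type cycleSource struct{ next byte }

func (c *cycleSource) Read(p []byte) (int, error) {
	for i := range p {
		c.next++
		if c.next == 0 {
			c.next = 1
		}
		p[i] = c.next
	}
	return len(p), nil
}

func main() {
	fmt.Println("seeded math/rand, run 1:", DeterministicSample(42, 5))
	fmt.Println("seeded math/rand, run 2:", DeterministicSample(42, 5))

	z := NewZeroingReader(rand.Reader, 4096) // real use: wrap the OS-backed reader
	key := make([]byte, 32)
	if _, err := io.ReadFull(z, key); err != nil {
		panic(err)
	}
	fmt.Println("key:", hex.EncodeToString(key))
	fmt.Println("consumed cache zeroed:", z.ConsumedIsZeroed())
}
```

Wiping the served region is what keeps the cache from becoming a record of earlier keys; the bytes not yet served are still sensitive, which is why a small cache or a keyed stream that can be re-keyed after each refill is the stronger design.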