---------- Forwarded message ----------
From: Theo de Raadt
Date: Wed, Sep 9, 2015 at 10:42 AM
Subject: Re: getentropy, getrandom, arc4random()
To: guido@python.org

been speaking to a significant go person. confirmed. it takes data out of that buffer, and does not zero it behind itself. obviously for performance reasons.

same type of thing happens with MT-style engines. in practice, they can be wound backwards. a proper stream cipher cannot be turned backwards.

however, that's just an academic observation. or maybe it indicates that well-financed groups can get it wrong too.

by the way, chacha arc4random can create random values faster than a memcpy -- the computation of fresh output is faster than doing gross-cost of "read" from memory (when cache dirtying is accounted for).

--
--Guido van Rossum (python.org/~guido)
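
The buffer behaviour discussed in the forwarded message, as an added illustration that is not part of the original email or any project's code: a buffered generator that either zeroes consumed bytes behind itself or leaves them in place, and what a later disclosure of its state reveals. The class and function names, the constructed seed, and the SHA-256 counter-mode keystream (a stand-in for a real stream cipher such as ChaCha) are assumptions.

```python
import hashlib


class BufferedGenerator:
    """Hands out bytes from a cached keystream block, as buffered RNGs do."""
    BLOCK = 64

    def __init__(self, seed: bytes, zero_behind: bool):
        self.key = hashlib.sha256(seed).digest()
        self.zero_behind = zero_behind
        self.buf = bytearray(self.BLOCK)
        self.pos = self.BLOCK          # buffer starts empty

    def _refill(self) -> None:
        # Stand-in keystream: SHA-256 in counter mode (assumption, not ChaCha).
        stream = b"".join(
            hashlib.sha256(self.key + bytes([i])).digest() for i in range(3))
        self.key = stream[:32]         # rekey: old key can no longer regenerate output
        self.buf[:] = stream[32:32 + self.BLOCK]
        self.pos = 0

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            if self.pos == self.BLOCK:
                self._refill()
            take = min(n - len(out), self.BLOCK - self.pos)
            out += self.buf[self.pos:self.pos + take]
            if self.zero_behind:
                # Erase the bytes just handed out so they do not linger in state.
                self.buf[self.pos:self.pos + take] = bytes(take)
            self.pos += take
        return bytes(out)

    def snapshot(self) -> bytes:
        """What a later memory disclosure of the generator state would reveal."""
        return self.key + bytes(self.buf)


def past_output_recoverable(zero_behind: bool) -> bool:
    gen = BufferedGenerator(b"constructed seed", zero_behind)
    gen.read(8)                        # an unrelated earlier consumer
    secret = gen.read(16)              # e.g. a key drawn before the disclosure
    return secret in gen.snapshot()
```

In CPython the `bytes` objects returned to callers are separate copies the generator cannot erase, so this models only the generator's own state.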