---------- Forwarded message ----------
From: Theo de Raadt
Date: Wed, Sep 9, 2015 at 10:42 AM
Subject: Re: getentropy, getrandom, arc4random()
To: guido@python.org

been speaking to a significant go person.


it takes data out of that buffer, and does not zero it behind itself.
obviously for performance reasons.

same type of thing happens with MT-style engines.  in practice, they
can be would backwards.  a proper stream cipher cannot be turned

however, that's just an academic observation.  or maybe it indicates
that well-financed groups can get it wrong too.

by the way, chacha arc4random can create random values faster than a
memcpy -- the computation of fresh output is faster than doing
gross-cost of "read" from memory (when cache dirtying is accounted for).

--Guido van Rossum (python.org/~guido)