---------- Forwarded message ----------
From: Theo de Raadt
Date: Wed, Sep 9, 2015 at 10:42 AM
Subject: Re: getentropy, getrandom, arc4random()
been speaking to a significant go person.
it takes data out of that buffer, and does not zero it behind itself.
obviously for performance reasons.
same type of thing happens with MT-style engines. in practice, they
can be wound backwards. a proper stream cipher cannot be turned
however, that's just an academic observation. or maybe it indicates
that well-financed groups can get it wrong too.
by the way, chacha arc4random can create random values faster than a
memcpy -- the computation of fresh output is faster than doing
gross-cost of "read" from memory (when cache dirtying is accounted for).
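The "does not zero it behind itself" point above, shown as an added example that is not code from the message or from any of the projects it mentions: a toy buffered reader that wipes each byte as it hands it out, so consumed output cannot be recovered from the buffer later. The keystream is a constructed xorshift placeholder, not a CSPRNG; struct and function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy: a 64-byte output buffer refilled from a keystream.
 * Real code would refill from ChaCha20 (as arc4random does). */
#define RS_BUF 64

struct rs_buf {
    uint8_t buf[RS_BUF];
    size_t have;    /* bytes still unconsumed, at the END of buf */
    uint32_t ctr;   /* placeholder keystream state, NOT a CSPRNG */
};

/* Placeholder keystream (xorshift32) so the example runs offline. */
static void rs_refill(struct rs_buf *r)
{
    for (size_t i = 0; i < RS_BUF; i++) {
        r->ctr ^= r->ctr << 13; r->ctr ^= r->ctr >> 17; r->ctr ^= r->ctr << 5;
        r->buf[i] = (uint8_t)r->ctr;
    }
    r->have = RS_BUF;
}

/* Hand out n bytes from the front of the unconsumed region and zero
 * each byte behind itself, so the buffer never keeps old output. */
void rs_random_buf(struct rs_buf *r, uint8_t *out, size_t n)
{
    while (n > 0) {
        if (r->have == 0) rs_refill(r);
        size_t m = n < r->have ? n : r->have;
        uint8_t *src = r->buf + (RS_BUF - r->have);
        memcpy(out, src, m);
        memset(src, 0, m);  /* prefer explicit_bzero() where available */
        r->have -= m; out += m; n -= m;
    }
}

/* Check: is every consumed byte of the buffer now zero? */
int rs_consumed_is_zeroed(const struct rs_buf *r)
{
    for (size_t i = 0; i < RS_BUF - r->have; i++)
        if (r->buf[i] != 0) return 0;
    return 1;
}
```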