---------- Forwarded message ---------- From: Theo de Raadt Date: Wed, Sep 9, 2015 at 10:36 AM Subject: Re: getentropy, getrandom, arc4random() To: firstname.lastname@example.org
Yet another thing. Where do you see that Go and Swift have secure random
a keyword? Searching for "golang random" gives the math/rand package as
first hit, which has a note reminding the reader to use crypto/rand for security work.
yes, well, look at the other phrase it uses...
that produces a deterministic sequence of values each time a program is run
it documents itself as being decidedly non-random. that documentation change happened soon after this event:
these days, the one people are using is found using "go secure random"
that opens /dev/urandom or uses the getrandom system call depending on system. it also has support for the windows entropy API. it pulls data into a large buffer, a cache. then each subsequent call, it consumes some, until it runs out, and has to do a fresh read. it appears to not clean the buffer behind itself, probably for performance reasons, so the memory is left active. (forward secrecy violated)
i don't think they are doing the best they can... i think they should get forward secrecy and higher performance by having an in-process chacha. but you can sense the trend.
here's an example of the fallout..
For Swift it's much the same -- there's an arc4random() in the Darwin package but nothing in the core language.
that is what people are led to use.
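The message above contrasts a generator that caches raw OS output in a buffer it never wipes with an "in-process chacha" design that keeps forward secrecy. The following is an added illustration of the second design, written for this page and not code from the email, from Go's crypto/rand, or from OpenBSD's arc4random: a hypothetical `Generator` type expands a ChaCha20 key into a buffer, immediately takes the first 32 bytes of that keystream as the next key, and zeroes every byte it hands out, so neither the previous key nor already-returned output remains in memory. The ChaCha20 block function follows the RFC 7539 layout; `NewGeneratorFromSeed` exists only so the behaviour can be checked deterministically.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// chachaBlock computes one 64-byte ChaCha20 keystream block with the RFC 7539
// state layout: 4 constants, 32-byte key, 32-bit block counter, 96-bit nonce.
func chachaBlock(key *[32]byte, counter uint32, nonce *[12]byte, out *[64]byte) {
	var s [16]uint32
	s[0], s[1], s[2], s[3] = 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
	for i := 0; i < 8; i++ {
		s[4+i] = binary.LittleEndian.Uint32(key[4*i:])
	}
	s[12] = counter
	for i := 0; i < 3; i++ {
		s[13+i] = binary.LittleEndian.Uint32(nonce[4*i:])
	}
	w := s
	qr := func(a, b, c, d int) {
		w[a] += w[b]
		w[d] = bits.RotateLeft32(w[d]^w[a], 16)
		w[c] += w[d]
		w[b] = bits.RotateLeft32(w[b]^w[c], 12)
		w[a] += w[b]
		w[d] = bits.RotateLeft32(w[d]^w[a], 8)
		w[c] += w[d]
		w[b] = bits.RotateLeft32(w[b]^w[c], 7)
	}
	// 20 rounds: 10 iterations of a column round followed by a diagonal round.
	rounds := [8][4]int{{0, 4, 8, 12}, {1, 5, 9, 13}, {2, 6, 10, 14}, {3, 7, 11, 15},
		{0, 5, 10, 15}, {1, 6, 11, 12}, {2, 7, 8, 13}, {3, 4, 9, 14}}
	for i := 0; i < 10; i++ {
		for _, r := range rounds {
			qr(r[0], r[1], r[2], r[3])
		}
	}
	for i := 0; i < 16; i++ {
		binary.LittleEndian.PutUint32(out[4*i:], w[i]+s[i])
	}
}

const refillBlocks = 16 // 1024 bytes of keystream per refill (hypothetical size)

// Generator is a hypothetical arc4random-style in-process CSPRNG: the key is
// expanded into buf, the first 32 bytes of buf immediately replace the key,
// and every byte handed to a caller is zeroed behind it.
type Generator struct {
	key [32]byte
	buf [refillBlocks * 64]byte
	pos int // index of the next unread byte; len(buf) means "empty"
}

// NewGenerator seeds from the OS through crypto/rand (getrandom or /dev/urandom).
func NewGenerator() (*Generator, error) {
	var seed [32]byte
	if _, err := rand.Read(seed[:]); err != nil {
		return nil, err
	}
	return NewGeneratorFromSeed(seed), nil
}

// NewGeneratorFromSeed exists for deterministic checks only; production code
// must seed from the OS as NewGenerator does.
func NewGeneratorFromSeed(seed [32]byte) *Generator {
	return &Generator{key: seed, pos: refillBlocks * 64}
}

// refill expands the current key, then overwrites the key with fresh keystream
// and erases those bytes from buf, so the previous key cannot be recovered.
func (g *Generator) refill() {
	var nonce [12]byte // stays zero: each key is used for exactly one refill
	for i := 0; i < refillBlocks; i++ {
		var blk [64]byte
		chachaBlock(&g.key, uint32(i), &nonce, &blk)
		copy(g.buf[64*i:], blk[:])
	}
	copy(g.key[:], g.buf[:32])
	for i := range g.buf[:32] {
		g.buf[i] = 0
	}
	g.pos = 32
}

// Read fills p and zeroes every buffer byte it consumed (forward secrecy).
func (g *Generator) Read(p []byte) (int, error) {
	n := 0
	for n < len(p) {
		if g.pos == len(g.buf) {
			g.refill()
		}
		k := copy(p[n:], g.buf[g.pos:])
		for i := g.pos; i < g.pos+k; i++ {
			g.buf[i] = 0
		}
		g.pos += k
		n += k
	}
	return n, nil
}

// StaleBytes counts non-zero bytes among already-consumed buffer positions;
// a correct wipe always leaves this at 0.
func (g *Generator) StaleBytes() int {
	n := 0
	for _, b := range g.buf[:g.pos] {
		if b != 0 {
			n++
		}
	}
	return n
}

func main() {
	g, err := NewGenerator()
	if err != nil {
		panic(err)
	}
	out := make([]byte, 48)
	g.Read(out)
	fmt.Printf("%x\nstale bytes left in buffer: %d\n", out, g.StaleBytes())
}
```

The design choice worth noticing is the order inside `refill`: the new key is taken from the keystream and the old key is overwritten before any output is returned, so a process memory dump after a call reveals neither past output nor the key that produced it. Go's standard library does not expose ChaCha20 outside `golang.org/x/crypto`, which is why the block function is written out here; a real deployment would use a reviewed implementation rather than this one.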