Closed
Labels: FrozenDueToAge, NeedsDecision (Feedback is required from experts, contributors, and/or the community before a change can be made), Proposal, Proposal-Accepted, Proposal-FinalCommentPeriod, v2 (An incompatible library change)
Description
What version of Go are you using (go version)?
1.7.3
What operating system and processor architecture are you using (go env)?
all
What did you do?
I wrote https://play.golang.org/p/WpSHEv_Mc7
import "math/rand"
_, err := rand.Read(randBuff)
I should have written https://play.golang.org/p/Ho8Ior-om7
import "crypto/rand"
_, err := rand.Read(randBuff)
In practice, the import statement and the function invocation are not one line apart, but separated by a lot of code. Also, IDEs may automatically import the wrong package.
What did you expect to see?
I expected crypto rand to be obviously different than math rand. Something like:
import "crypto/rand"
_, err := rand.CryptoRand(randBuff)
while,
import "math/rand"
_, err := rand.InsecureRand(randBuff)
This makes it super clear that one is not like the other, and helps the developer decide which to use. Also helps code reviewers determine if there is an obvious error.
Security should be explicit.
What did you see instead?
I saw experienced and inexperienced developers both make the same mistake of using math/rand instead of crypto/rand, and code reviews miss the problem.
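A reviewer-side check for the mistake described in the issue, as an added example that is not part of the original issue or the Go project's own code: it parses a Go source file and reports every `rand.Read` that resolves to `math/rand`, following import aliases. The function name `findMathRandRead` and the sample source are constructed for illustration; the check is purely syntactic and does not handle dot imports or local variables that shadow the package name.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Constructed sample input: a file that fills a buffer from math/rand.
const sampleSrc = `package demo
import "math/rand"
func fill(b []byte) { rand.Read(b) }
`

// findMathRandRead returns "file:line" for every use of Read on a package
// name that this file binds to math/rand (default name or explicit alias).
func findMathRandRead(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	names := map[string]bool{} // local names under which math/rand is imported
	for _, imp := range f.Imports {
		if path, _ := strconv.Unquote(imp.Path.Value); path != "math/rand" {
			continue
		}
		name := "rand"
		if imp.Name != nil {
			name = imp.Name.Name
		}
		names[name] = true
	}
	var hits []string
	ast.Inspect(f, func(n ast.Node) bool {
		sel, ok := n.(*ast.SelectorExpr)
		if !ok || sel.Sel.Name != "Read" {
			return true
		}
		if id, ok := sel.X.(*ast.Ident); ok && names[id.Name] {
			hits = append(hits, fmt.Sprintf("%s:%d", filename, fset.Position(sel.Pos()).Line))
		}
		return true
	})
	return hits, nil
}

func main() { fmt.Println(findMathRandRead("demo.go", sampleSrc)) }
```

Because the import is resolved per file, the same `rand.Read(buf)` line is flagged or passed depending only on which package the file imported, which is the detail the issue says reviewers miss.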