New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: math/rand/v2: add ChaCha8.Read #67059
Comments
Compare #65562 which proposes adding Read to Rand instead, apparently on the assumption that it will have a ChaCha8 inside. |
Another possibility:
Using the name Also, it's simpler than implementing |
Ah, yes, this is pretty much a #65562 duplicate, thanks @zephyrtronium. /cc @lukechampine Even if it solves the name collision, I am not convinced by a package-level Bytes: without Seed, what's the point of having both that and crypto/rand.Read? Eliding the error return is nice, but I think that having |
Sometimes you want some random bytes for non-security purposes, and you don't want to juggle two |
I'm in favor of #67059 (this proposal) over #65562 because I am often generating keys with crypto/ed25519 for tests. I want the key to be from a potentially-random seed, but using math/rand/v2 for GenerateKey is awkward for the reasons that @FiloSottile mentions. For others who may stumble upon this, I found it nice that I can do this:
But, in order use |
I'm also in favor of this proposal over my own. I stand by my position regarding the security of |
Currently, if an application needs to generate a reproducible sequence of random bytes, it can choose amongst
math/rand.(*Rand).Read
, which uses the predictable Go 1 random number generator; orcipher.StreamReader
to combine it with a*chacha20.Cipher
, which is pretty inconvenient.Since we now have a pretty good secure, deterministic, and specified RNG as math/rand/v2.ChaCha8, it makes sense to add a Read method to it.
Since it's on the
*ChaCha8
value, it's not going to be accidentally misused in place of crypto/rand./cc @golang/security @golang/proposal-review
The text was updated successfully, but these errors were encountered: