Crypto Rand #215
Assignees
Comments
|
hmm, good catch. We should totally change that. |
bentranter
added a commit
to bentranter/goth
that referenced
this issue
Mar 16, 2018
Solves issue: * markbates#215 Previously, gothic would use math/rand for secure nonce generation. Since math/rand is not considered secure, it was suggested that we switch to crypto/rand. This PR does that. I chose to panic on the error because I believe that not being able to read from crypto/rand suggests there's something seriously wrong with your operating system, but I'm curious to see what others think.
|
Fixed in #220 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I read at https://github.com/golang/go/wiki/CodeReviewComments#crypto-rand that
crypto/randshould be used instead ofmath/randfor security reasons.I notice that
gothicRandusesmath/randand I'm wondering how secure this is during nonce generation, or if it needs to be hardened to usecrypto/randinstead.The text was updated successfully, but these errors were encountered: