You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I notice that gothicRand uses math/rand and I'm wondering how secure this is during nonce generation, or if it needs to be hardened to use crypto/rand instead.
The text was updated successfully, but these errors were encountered:
Solves issue:
* markbates#215
Previously, gothic would use math/rand for secure nonce generation.
Since math/rand is not considered secure, it was suggested that we
switch to crypto/rand. This PR does that.
I chose to panic on the error because I believe that not being able to
read from crypto/rand suggests there's something seriously wrong with
your operating system, but I'm curious to see what others think.
I read at https://github.com/golang/go/wiki/CodeReviewComments#crypto-rand that
crypto/rand
should be used instead ofmath/rand
for security reasons.I notice that
gothicRand
usesmath/rand
and I'm wondering how secure this is during nonce generation, or if it needs to be hardened to usecrypto/rand
instead.The text was updated successfully, but these errors were encountered: