Comments (7)
lukechampine
commented on May 29, 2024
4
I'm also in favor of this proposal over my own. I stand by my position regarding the security of ChaCha8, but ultimately what matters is exposing a Read method somewhere, and directly tying it to ChaCha8 ensures that callers will know what they're getting wrt security.
from go.
neild
commented on May 29, 2024
2
Another possibility:
// Bytes fills p with pseudo-random bytes from the default source.
func Bytes(p []byte)
// Bytes fills p with pseudo-random bytes.
func (*Rand) Bytes(p []byte)
Using the name Bytes avoids any possible confusion with crypto/rand.Read.
Also, it's simpler than implementing io.Reader; why return an error when there's no way the operation can fail?
from go.
FiloSottile
commented on May 29, 2024
2
Ah, yes, this is pretty much a #65562 duplicate, thanks @zephyrtronium. /cc @lukechampine
Even if it solves the name collision, I am not convinced by a package-level Bytes: without Seed, what's the point of having both that and crypto/rand.Read?
Eliding the error return is nice, but I think that having *ChaCha8 implement io.Reader is convenient. For example it can be swapped in for crypto/rand.Reader.
from go.
zephyrtronium
commented on May 29, 2024
Compare #65562 which proposes adding Read to Rand instead, apparently on the assumption that it will have a ChaCha8 inside.
from go.
neild
commented on May 29, 2024
without Seed, what's the point of having both that and crypto/rand.Read?
Sometimes you want some random bytes for non-security purposes, and you don't want to juggle two rand packages or deal with a Read function that returns an error?
from go.
mateusz834
commented on May 29, 2024
I think this proposal offers a performance advantage compared to #65562. The Read method on per-source RNGs can be optimized, whereas with #65562, Rand.Read would need to call each time the Source.Uint64 method, but for consistency with the rest of package the #65562 seems better.
from go.
hagemt
commented on May 29, 2024
I'm in favor of #67059 (this proposal) over #65562 because I am often generating keys with crypto/ed25519 for tests.
I want the key to be from a potentially-random seed, but using math/rand/v2 for GenerateKey is awkward for the reasons that @FiloSottile mentions. For others who may stumble upon this, I found it nice that I can do this:
import (
"crypto/ed25519"
rand1 "math/rand"
rand2 "math/rand/v2"
)
type RNG struct {
rand2.Source
}
func newRNG(seed int64) *RNG {
r := rand1.New(rand1.NewSource(seed))
return &RNG{r}
}
But, in order use ed25519.GenerateKey(newRNG(seed)) I need to make my type implement Read.
from go.
Related Issues (20)
- x/tools/gopls: InlayHint: nil panic due to ast.CallExpr.Fun with no type HOT 4
- proposal: go/types: add Alias.{TypeParams, SetTypeParams, TypeArgs, Origin}
- x/tools/gopls: "finding best view for change" bug.Report in Session.DidModifyFiles (via telemetry)
- crypto/tls: panic with `crypto/tls/fipsonly` HOT 2
- proposal: x/sys/unix: add `STATX_MNT_ID_UNIQUE` mask value HOT 1
- cgocall(asmstdcallAddr, unsafe.Pointer(c)) Segmentation fault HOT 1
- strings: TrimLeft() returns unexpected value HOT 1
- x/net/webdav: PUT with missing intermediate collection gave 404, MUST be 409 [RFC4918:S9.7.1]) HOT 1
- net/http,x/crypto/ssh: Hijack hangs when underlying net.Conn doesn't support SetReadDeadline
- encoding/json: adding a MarshalJSON method confuses JSON marshalling HOT 4
- x/pkgsite: package removal request for https://pkg.go.dev/github.com/RectangelHelp/blockaid-client-go HOT 1
- x/tools/gopls: crash during internal/imports.scanDirForPackage (crash) HOT 2
- x/tools/gopls: "View package documentation": use type information
- x/tools/gopls: make Hover display std version information HOT 1
- cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64 HOT 7
- proposal: x/tools/go/types/typeutil: add TypeMap[V] HOT 14
- x/net/ipv4: TestRawConnReadWriteUnicastICMP failures HOT 1
- x/pkgsite: package removal request for https://pkg.go.dev/github.com/spywiree/languagecodes HOT 1
- cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64 [1.21 backport] HOT 6
- x/build: modify contents of "gray box" (summary markdown) in LUCI UI to be more directly to the point for test failures HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go.