Secure Randomness in Go 1.22

• gosec

  20 7,490 8.7 Go

  Go security checker

  

For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`

https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...

• goimports

  47 7,238 9.8 Go

  [mirror] Go Tools (by golang)

  

goimports has special-cased math/rand.Read vs crypto/rand.Read from basically the beginning. But https://github.com/golang/tools/commit/0835c735343e0d8e375f0... in 2016 references a time window where it could resolve "rand.Read" as "math/rand". Maybe you were in that time window?

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• ascon-c

  5 168 7.3 C

  Ascon - Lightweight Authenticated Encryption & Hashing

  

Related - a week or so ago I was playing with ASCON[1], a sponge based cipher and hash function aimed at embedded systems. A passing thought was that it might be handy to use as a random number generator. When I read this post a couple days ago, out of curiosity I picked up the ASCON permutation and benchmarked it vs this one.

It was unfortunately a bit slower: ~27 ns per 64-bit value (6 round permutation) vs ~4 ns for the included ChaCha8. I suspect it could be optimized, and run at the higher output rate (8 rounds per 128-bit output). One nice thing is that it does have a smaller state of only 40 bytes.

But - for the performance, this ChaCha8 implementation is _awesome_!

[1] https://ascon.iaik.tugraz.at

Suggest a related project