Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/website/_content/doc: refer that crypto/ecdsa.GenerateKey is no longer deterministic since Go 1.20 #62255

Open
abread opened this issue Aug 24, 2023 · 2 comments
Open

x/website/_content/doc: refer that crypto/ecdsa.GenerateKey is no longer deterministic since Go 1.20 #62255

abread opened this issue Aug 24, 2023 · 2 comments
Labels
Documentation help wanted NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
Milestone
Backlog

Comments

@abread
Copy link

abread commented Aug 24, 2023

This change (#58637) recently bit me when upgrading Go, and it left me mad looking for bugs in data transmission when the different keys were the problem.

I gained the habit of reading release notes (at least for major upgrades) to avoid issues, but only the change to the constant-time is mentioned.
As it changes existing behavior, I believe it should be in the release notes, so that no one suffers the same fate :)
@gopherbot gopherbot added this to the Unreleased milestone Aug 24, 2023
@seankhliao seankhliao changed the title x/releasenotes: Refer that crypto/ecdsa.GenerateKey is no longer deterministic (since Go 1.20) x/website/_content/doc: refer that crypto/ecdsa.GenerateKey is no longer deterministic since Go 1.20 Aug 24, 2023
@cagedmantis cagedmantis added Documentation NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Aug 24, 2023
@cagedmantis cagedmantis modified the milestones: Unreleased, Backlog Aug 24, 2023
@cagedmantis
Copy link
Contributor

cc @FiloSottile @rolandshoemaker @golang/security

@bcmills bcmills modified the milestones: Backlog, Go1.20.9 Aug 25, 2023
@bcmills bcmills modified the milestones: Go1.20.9, Backlog Aug 25, 2023
@mvandeberg
Copy link

I ran into the same problem. Additionally, different keys are generated when run with the same seeded Rand.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Documentation help wanted NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
5 participants
@cagedmantis @abread @bcmills @gopherbot @mvandeberg