Secure Randomness in Go 1.22 - The Go Programming Language
Computers aren’t random. On the contrary, hardware designers work very hard to make sure computers run every program the same way every time. So when a program does need random numbers, that requires extra effort. Traditionally, computer scientists and programming languages have distinguished between two different kinds of random numbers: statistical and cryptographic randomness. In Go, those are provided by math/rand and crypto/rand, respectively. This post is about how Go 1.22 brings the two closer together, by using a cryptographic random number source in math/rand (as well as math/rand/v2, as mentioned in our previous post). The result is better randomness and far less damage when developers accidentally use math/rand instead of crypto/rand.
Before we can explain what Go 1.22 did, let’s take a closer look at statistical randomness compared to cryptographic randomness.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25452998/MSI_Claw_Verge_Sean_Hollister_1_10.jpg)
