Filippo Valsorda :go: on Nostr: If you look at a crypto/rsa invocation, you can’t actually know if it’s secure or ...
If you look at a crypto/rsa invocation, you can’t actually know if it’s secure or not. The key size is nowhere in the type system. This is unusual among Go crypto packages.
I propose we fix that in Go 1.24. https://github.com/golang/go/issues/68762
If we break a production application with this, it’s overwhelmingly likely that we are fixing a security issue.
I know it will break some tests, but it’s hard to justify the real world risk, and we have a robust system of GODEBUG flags now.
I propose we fix that in Go 1.24. https://github.com/golang/go/issues/68762
If we break a production application with this, it’s overwhelmingly likely that we are fixing a security issue.
I know it will break some tests, but it’s hard to justify the real world risk, and we have a robust system of GODEBUG flags now.