What is Nostr?
Filippo Valsorda :go: /
npub1whz…kn2m
2024-08-07 12:35:31

Filippo Valsorda :go: on Nostr: If you look at a crypto/rsa invocation, you can’t actually know if it’s secure or ...

If you look at a crypto/rsa invocation, you can’t actually know if it’s secure or not. The key size is nowhere in the type system. This is unusual among Go crypto packages.

I propose we fix that in Go 1.24. https://github.com/golang/go/issues/68762

If we break a production application with this, it’s overwhelmingly likely that we are fixing a security issue.

I know it will break some tests, but it’s hard to justify the real world risk, and we have a robust system of GODEBUG flags now.
Author Public Key
npub1whzyg92c6fsvpjjcnn504z0a2pfwenctp872sgmedqg2np4drj8qwakn2m