GopherCon 2024: The Go Cryptography State of the Union - Filippo Valsorda

2024 was an exciting year for Go cryptography and security. The new post-quantum algorithms, the ones that can’t be broken by quantum computers, are finally here and ready to go in crypto/tls. We’ll look at how we implemented them for testability and safety, and why rolling them out now is important.

One of the classic security foot-guns, using math/rand instead of crypto/rand, is now disarmed: the global math/rand and math/rand/v2 generator is now cryptographically secure. We’ll see why this was so dangerous and how we mitigated the risk while respecting the Compatibility Promise.

Past releases brought a new package, crypto/ecdh, large rewrites of the elliptic curve and RSA backends to be safer and constant time, and a number of deprecations. The final goal was to move math/big outside of the security perimeter. We succeeded! However, the new RSA backend was slower. It is no more! We’ll talk about the performance optimizations that went into that.

x/crypto/ssh was one of the least maintained packages in the library. Over the last year, it got a much-needed refresh from Nicola Murino, including new recent privacy features, protocol vulnerability fixes, and compatibility work.

Speaking of x/crypto… did you ever wonder why some packages were in x/crypto and some in the standard library? No good reason! We decided to move all the good ones to the stdlib and deprecated or froze the rest. We’ll go over how and why we picked each package.

There’s even a FIPS 140 validation on the horizon. If you’re curious about the constant progress of Go’s cryptography libraries and security posture or if you want to learn more from behind the curtain, this is the opportunity to catch up and dive in.