You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While https://pkg.go.dev/crypto/rand#Read does not require a check on the number of bytes read, it should probably have a check for errors. If an error occurs, there may be no read and the key material may be predictable.
The text was updated successfully, but these errors were encountered:
There are a couple of places where reads from crypto/rand are not checked for errors:
secretstream/stream.go
Line 69 in 43e9432
secretstream/stream.go
Line 79 in 43e9432
While https://pkg.go.dev/crypto/rand#Read does not require a check on the number of bytes read, it should probably have a check for errors. If an error occurs, there may be no read and the key material may be predictable.
The text was updated successfully, but these errors were encountered: