Challenge type: Code review
Fixed in: version n/a
Original code: found here
This week's challenge again looked at cryptography, but from a different angle. In this code, the gothic library defines a function that relies on `math/rand`, a random number generator that is too weak for cryptographic use. Over the years, a lot of research across multiple languages has cited the use of built-in math classes as insecure for cryptographic uses. For further reading, check out the following links:
While there is no fix for this vulnerability at this time, addressing the issue would require that the developer swap out the use of `math/rand` for `crypto/rand`. The following article walks through the process: https://golang.org/pkg/crypto/rand/
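The swap described above, as an added example that is not the gothic library's code: `weakToken`, `strongToken` and the sample seed are hypothetical names and values chosen for illustration. It shows that a `math/rand` generator reproduces the same token from the same seed, while `crypto/rand` reads from the operating system's CSPRNG.

```go
package main

import (
	crand "crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

// weakToken is a hypothetical token generator built on math/rand.
// Its output is a pure function of the seed, so anyone who learns or
// guesses the seed can regenerate every token it ever produced.
func weakToken(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// strongToken is the hypothetical replacement: n bytes from crypto/rand.
func strongToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := crand.Read(b); err != nil {
		return "", err // fail closed: never fall back to a weaker source
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

func main() {
	const seed = 1700000000 // constructed sample: a Unix timestamp used as a seed
	fmt.Println("math/rand, call 1:", weakToken(seed, 32))
	fmt.Println("math/rand, call 2:", weakToken(seed, 32)) // identical to call 1
	s, err := strongToken(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("crypto/rand:      ", s)
}
```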