Filippo Valsorda, Roland Shoemaker, and Nicola Murino continue discussing what's new in Go's cryptography libraries. They cover topics such as NIST standards, post-quantum key exchange, open source language models, implementing a new feature in OpenSSH protocol, Windows 11 test breakage, and even casual conversation about cooking and kitchen setups in different countries.
Transition to post-quantum cryptography and the need for new algorithms resistant to quantum attacks.
Upcoming changes and improvements in the SSH protocol, including the introduction of the 'ping' extension.
Enhancements in Go's math.Rand function to switch to ChaCha8 for better cryptographic safety.
Deep dives
New Developments in Post-Quantum Cryptography
One of the main topics discussed in this podcast episode is the transition from pre-quantum to post-quantum cryptography. The hosts talk about the potential threats that quantum computers could pose to current cryptographic systems and the need to implement new algorithms that can resist attacks from quantum computers. They mention the recent NIST competition where different proposals were submitted and some key exchange and signature algorithms were selected. The selected algorithms, such as Kyber and Dilithium, are said to be slower and have larger keys compared to the current cryptographic algorithms. They also discuss the challenges of maintaining backward compatibility with older systems while introducing these new algorithms.
Improvements in the SSH Protocol
Another topic covered in the podcast is the upcoming changes and improvements in the SSH protocol. One highlighted change is the introduction of a new protocol extension called 'ping' at openSSH.com, which allows the client to emulate keystrokes at a fixed interval to prevent passive network detection. They discuss the limitations of the existing message formats in SSH and the need to introduce new interfaces to handle these changes. The hosts also mention the complexity of the OpenSSH protocol, including issues related to key types, signature algorithms, and the handling of certificates. They express their satisfaction with the recent improvements in the OpenSSH implementation and the active maintenance efforts put into it.
Cryptographically Safe Math.Rand in Go 1.22
A noteworthy mention in this podcast episode is the upcoming change in the math.Rand function in Go 1.22. The hosts mention that the default number generator will switch to ChaCha8 to enhance cryptographic safety. This change aims to prevent potential vulnerabilities if math.Rand is mistakenly used instead of the cryptographic random number generator in the crypto package. The hosts express their enthusiasm for this improvement in Go and celebrate its merger during the episode recording.
Quick: The Next Version of HTTP
Quick is often referred to as the next version of HTTP. It is the underlying transport protocol of HTTP 3, which combines new HTTP semantics and the quick protocol. Unlike TCP, which is implemented by the kernel, quick is implemented over UDP, making it faster and more flexible. It simplifies the layered structure of the internet and encrypts headers to prevent network engineers from interfering. Quick is expected to be transparent to most users, enabling faster and more secure communication.
Improved TLS Library for Better Performance
A new library called Crypto Byte has improved the performance of certificate parsing in Go by approximately 80%. This library provides a more efficient and explicit parsing process, allowing for faster TLS handshakes and reducing memory allocations. The updated library, which is used for authentication in TLS, allows for better configurability and compatibility, particularly with newer versions of OpenSSH. It also enables the implementation of the FIPS mode and brings additional flexibility and secure options for cryptographic operations.
Filippo Valsorda & Roland Shoemaker from the Go Team return & bring Nicola Murino with them to continue catching us up on what’s new in Go’s crypto libraries.
This is everything we didn’t cover + deep dives from Part 1!
Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
