Secure Randomness in Go 1.22 (Go Blog)
The Go Blog has a detailed article on the new, more secure random-number generator implemented for the 1.22 release.
For example, when Go 1.20 deprecated math/rand's Read, we heard from developers who discovered (thanks to tooling pointing out use of deprecated functionality) they had been using it in places where crypto/rand's Read was definitely needed, like generating key material. Using Go 1.20, that mistake is a serious security problem that merits a detailed investigation to understand the damage. Where were the keys used? How were the keys exposed? Were other random outputs exposed that might allow an attacker to derive the keys? And so on. Using Go 1.22, that mistake is just a mistake.