←back to thread

Hyrum's Law in Golang

(abenezer.org)
188 points thunderbong | 1 comments | 21 Nov 24 07:12 UTC | HN request time: 0.783s | source
Show context
FiloSottile ◴[21 Nov 24 08:44 UTC] No.42202326[source]
Hah, I wrote the crypto/rsa comments. We take Hyrum's Law (and backwards compatibility [1]) extremely seriously in Go. Here are a couple more examples:

- We randomly read an extra byte from random streams in various GenerateKey functions (which are not marked like the ones in OP) with MaybeReadByte [2] to avoid having our algorithm locked in

- Just yesterday someone reported that a private ECDSA key with a nil public key used to work, and now it doesn't, so we probably have to make it work again [3]

- Iterating over a map uses a randomized order to avoid exposing the internals

- The output of rand.Rand is considered part of the compatibility promise, so we had to go to great lengths to improve it [4]

- We discuss all the time what commitments to make in docs and what behaviors to disclaim, knowing we can never change something documented and probably something that's not explicitly documented as "this may change" [6]

[1]: https://go.dev/doc/go1compat

[2]: https://pkg.go.dev/crypto/internal/randutil#MaybeReadByte

[3]: https://go.dev/issue/70468

[4]: https://go.dev/blog/randv2

[5]: https://go.dev/blog/chacha8rand

[6]: https://go-review.googlesource.com/c/go/+/598336/comment/5d6...

replies(5): >>42202361 #>>42202405 #>>42203192 #>>42204222 #>>42204369 #
boloust ◴[21 Nov 24 11:25 UTC] No.42203192[source]
Ironically, I once wrote a load balancer in Go that relied on the randomized map iteration ordering.
replies(2): >>42203272 #>>42203939 #