Go Cryptography State of the Union
2 days ago
- #security
- #cryptography
- #Go programming
- The 2025 Go Cryptography State of the Union covered updates in Go's cryptographic libraries, focusing on post-quantum key exchanges, FIPS 140 compliance, and security improvements.
- Post-quantum key exchanges were introduced in Go 1.24, using ML-KEM-768 alongside X25519 for hybrid security in TLS and SSH connections.
- FIPS 140-3 compliance was achieved with a native Go module, eliminating the need for BoringCrypto and cgo, while maintaining security standards.
- The security track record remains strong: no critical vulnerabilities ('ouches') since 2019, and a successful Trail of Bits audit that found no issues.
- Improvements in cryptographic performance and API usability were highlighted, including faster AES-CTR, SHA-3 optimizations, and better RSA key generation.
- Testing methodologies were enhanced with mutation testing for assembly code and accumulated test vectors for comprehensive coverage.
- Future plans include TLS profiles for simplified configuration and potential passkey integration into the standard library.
- Geomys, the organization behind these efforts, expanded with new maintainers and continued support from clients like Smallstep, Ava Labs, and Tailscale.
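
The hybrid exchange from the post-quantum bullet above, written out with the standard library's `crypto/mlkem` and `crypto/ecdh` packages (Go 1.24 or later). This is an added example, not code from the talk or from the Go project. Assumptions: the function names `dh`, `serverRespond` and `clientFinish` are hypothetical, and the secret is the plain concatenation of the ML-KEM secret followed by the X25519 secret, which a real protocol would feed into its key schedule rather than use directly.

```go
package main

import (
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"errors"
	"fmt"
)

// dh runs the X25519 half; ECDH rejects low-order points (all-zero output).
func dh(x *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	return x.ECDH(peer)
}

// serverRespond encapsulates to the client's ML-KEM-768 key and runs X25519
// against its public key. It returns the KEM ciphertext and the hybrid secret.
func serverRespond(x *ecdh.PrivateKey, ekBytes, clientPub []byte) ([]byte, []byte, error) {
	ek, err1 := mlkem.NewEncapsulationKey768(ekBytes) // validates length and encoding
	classical, err2 := dh(x, clientPub)
	if err := errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	pq, ct := ek.Encapsulate()
	return ct, append(pq, classical...), nil // ML-KEM secret || X25519 secret
}

// clientFinish decapsulates ct and completes X25519: the same 64-byte secret.
func clientFinish(dk *mlkem.DecapsulationKey768, x *ecdh.PrivateKey, ct, serverPub []byte) ([]byte, error) {
	pq, err1 := dk.Decapsulate(ct) // a tampered ct yields a different secret, not an error
	classical, err2 := dh(x, serverPub)
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	return append(pq, classical...), nil
}

func main() {
	// Constructed demo keys; keygen errors dropped (they only occur if the RNG fails).
	dk, _ := mlkem.GenerateKey768()
	cx, _ := ecdh.X25519().GenerateKey(rand.Reader)
	sx, _ := ecdh.X25519().GenerateKey(rand.Reader)
	ct, ss, err1 := serverRespond(sx, dk.EncapsulationKey().Bytes(), cx.PublicKey().Bytes())
	cs, err2 := clientFinish(dk, cx, ct, sx.PublicKey().Bytes())
	fmt.Println(len(cs), string(cs) == string(ss), errors.Join(err1, err2))
}
```

Because ML-KEM decapsulation rejects a modified ciphertext implicitly, by returning an unrelated key, a mismatch only surfaces when the peers later fail to agree, for example at a handshake MAC.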