Tech News
← Back to articles

Go Cryptography State of the Union

2025-11-20 | original
read original related products more articles

Last August, I delivered my traditional Go Cryptography State of the Union talk at GopherCon US 2025 in New York.

It goes into everything that happened at the intersection of Go and cryptography over the last year.

You can watch the video (with manually edited subtitles, for my fellow subtitles enjoyers) or read the transcript below (for my fellow videos not-enjoyers).

The annotated transcript below was made with Simon Willison’s tool. All pictures were taken around Rome, the Italian contryside, and the skies of the Northeastern United States.

Annotated transcript

# Welcome to my annual performance review. We are going to talk about all of the stuff that we did in the Go cryptography world during the past year.

# When I say "we," it doesn't mean just me, it means me, Roland Shoemaker, Daniel McCarney, Nicola Morino, Damien Neil, and many, many others, both from the Go team and from the Go community that contribute to the cryptography libraries all the time. I used to do this work at Google, and I now do it as an independent as part of and leading Geomys, but we'll talk about that later.

# When we talk about the Go cryptography standard libraries, we talk about all of those packages that you use to build secure applications. That's what we make them for. We do it to provide you with encryption and hashes and protocols like TLS and SSH, to help you build secure applications.

# The main headlines of the past year: We shipped post quantum key exchanges, which is something that you will not have to think about and will just be solved for you. We have solved FIPS 140, which some of you will not care about at all and some of you will be very happy about. And the thing I'm most proud of: we did all of this while keeping an excellent security track record, year after year.

# This is an update to something you've seen last year. The Go Security Track Record It's the list of vulnerabilities in the Go cryptography packages. We don't assign a severity—because it's really hard, instead they're graded on the "Filippo's unhappiness score." It goes shrug, oof, and ouch. Time goes from bottom to top, and you can see how as time goes by things have been getting better. People report more things, but they're generally more often shrugs than oofs and there haven't been ouches.

... continue reading

Related:
IBM, Cisco Outline Plans For Networks of Quantum Computers By Early 2030s
Robots at Home: Are Teleoperated Humanoids Really as Scary as They Seem?
A New Record Has Been Set for Most Valuable Comic Book Ever
Even Realities Even G2 Review: Anti-Meta Smart Glasses With Real Potential
It's Time to Rethink Research and Development. Here's What Must Change.

© 2025 GoKawiil