Full Report
These are the development principles of writing Cryptography in Golang. I find it cool that they take the design of Golang Cryptography seriously. There are four design principles: secure, safe, practical, and modern.

Secure is obvious but important to note. This is achieved by reducing complexity, making it readable, and conducting extensive testing and code review. When a big change is made, it is only accepted in the Cryptography libraries if there are enough maintainer resources to perform an ongoing security review. They get code professionally reviewed from time to time, such as with the FIPS 140-3 module.

Safe is the second one. The goal is to make unsafe functionality hard to use and have very explicit documentation on it. By default, only secure versions are used. Since this is done for most use cases, this limits the opportunities for issues.

Practical is the third. Libraries should provide developers with mechanisms to do what they want to do easily. By supporting common patterns as first-party, the library is easy and safe to use. This is super unique compared to other libraries that just expose RSA and AES functions directly. Instead, the library has a Hash() function that defaults to the most secure and up-to-date hash function. All of this takes away the decision-making of algorithms and implementation from the developers, which is good. I love this approach!

Finally, the cryptography should be modern. All primitives should be modern and up-to-date. Functionally, a legacy function should be marked as deprecated. Because of the slow development process, third-party projects will implement things first but that's okay. I personally don't like this a ton -- somebody is going to implement this functionality, so it should be the people who know it best. By waiting for the issues to stop, you're preventing issues from creeping into your library but you're also leaving users at risk.
The Practical section has an interesting quote: "Note that performance, flexibility and compatibility are only goals to the extent that they make the libraries useful, not as absolute values in themselves."
Analysis Summary
# Best Practices: Secure Cryptographic Implementation (Go Principles)
## Overview
These practices address the design and implementation of cryptographic libraries and their consumption by developers. The core philosophy centers on "helping developers build secure applications" by reducing cognitive load, enforcing safe defaults, and prioritizing security over performance or legacy compatibility.
## Key Recommendations
### Immediate Actions
1. **Prioritize Readability over Performance:** Refactor cryptographic code to be highly readable. Complexity is the enemy of security; if a change increases performance but degrades readability, reject it.
2. **Audit Code Use:** Identify all instances where "unsafe" or low-level cryptographic primitives (e.g., direct RSA/AES calls) are used and replace them with higher-level, opinionated wrappers (e.g., specific `Hash()` functions).
3. **Enforce Safe Defaults:** Configure applications to use the most secure version of an algorithm by default. Disable legacy support (e.g., TLS 1.0, SHA-1) unless strictly required for a documented business case.
### Short-term Improvements (1-3 months)
1. **Standardize on Common Patterns:** Identify the most frequent cryptographic tasks (e.g., password hashing, data encryption at rest) and create internal "first-party" libraries that wrap standard Go crypto packages. This ensures developers don't have to make individual algorithmic decisions.
2. **Formalize Deprecation Cycles:** Audit your tech stack for superseded primitives. Mark them as deprecated in your internal documentation and provide a clear, documented migration path to a modern replacement.
3. **Implement External Security Reviews:** For critical cryptographic modules, schedule a professional third-party review (akin to a FIPS 140-3 readiness assessment) rather than relying solely on internal testing.
### Long-term Strategy (3+ months)
1. **Maintainer Resource Budgeting:** Establish a policy that no new cryptographic features are implemented unless there is a dedicated maintenance resource for ongoing security reviews.
2. **Adopt a "Modern-First" Architecture:** Build a roadmap to phase out experimental or niche third-party cryptographic libraries in favor of mature, widely-supported standard library implementations once they have stabilized.
3. **Governance through API Design:** Limit the availability of "unsafe" functionality. In cases where it must exist, require explicit flags or specific naming conventions (e.g., `InsecureExampleFunction`) to force developer acknowledgment.
## Implementation Guidance
### For Small Organizations
- **Stay with the Standard Library:** Avoid implementing custom cryptography. Use Go's `crypto/...` packages as they are designed to be safe by default.
- **Focus on Defaults:** Rely on the high-level functions that automate algorithm selection.
### For Medium Organizations
- **Build Internal Wrappers:** Create a "blessed" internal library that exposes only the specific cryptographic patterns your company uses, hiding the complexity of the underlying Go library.
- **Documentation:** Provide clear "how-to" guides for teams to ensure they use the libraries as intended.
### For Large Enterprises
- **FIPS Compliance:** Align development with FIPS 140-3 modules if operating in regulated environments.
- **Rigorous Peer Review:** Implement a mandatory review step for any code touching cryptographic implementations, requiring approval from a designated security lead.
## Configuration Examples
*While the text provides design philosophy, the following pseudocode sketches how these principles look in Go (neither call is a real standard-library API):*
```go
// GOOD: Using a safe, modern default
// (Hypothetical representation of the "Practical" principle;
// crypto.NewHash is not a function in Go's standard library)
hash := crypto.NewHash() // Defaults to the most secure current implementation (e.g., SHA-256 or SHA-3)

// BAD: Forcing the developer to choose parameters they may not understand
// Unless the developer is a crypto expert, they might choose a weak mode or IV.
// (aes.MODE_WEAK_LEGACY is a made-up constant; the real aes.NewCipher takes only a key)
cipher := aes.NewCipher(key, aes.MODE_WEAK_LEGACY)
```
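A runnable counterpart to the snippet above, added here as an example and not taken from the Go project or the original report: a small internal wrapper of the kind recommended under "Build Internal Wrappers" and "Standardize on Common Patterns". The names `Box`, `NewBox`, `Seal` and `Open` are hypothetical; only the standard `crypto/aes`, `crypto/cipher` and `crypto/rand` packages are used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Box (hypothetical name) exposes one construction only: AES-256-GCM.
type Box struct{ aead cipher.AEAD }

// NewBox takes a fixed-size array, so no other key length can be passed.
func NewBox(key *[32]byte) (*Box, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Box{aead}, nil
}

// Seal draws a fresh random nonce itself and prepends it to the output,
// so callers have no mode, IV or padding parameter to get wrong.
func (b *Box) Seal(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, b.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return b.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open authenticates before decrypting; modified input returns an error.
func (b *Box) Open(sealed []byte) ([]byte, error) {
	n := b.aead.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("box: ciphertext shorter than nonce")
	}
	return b.aead.Open(nil, sealed[:n], sealed[n:], nil)
}

func main() {
	b, _ := NewBox(new([32]byte)) // constructed all-zero demo key
	sealed, _ := b.Seal([]byte("constructed sample record"))
	plain, err := b.Open(sealed)
	fmt.Println(string(plain), err)
}
```

The only decision left to the caller is which key to use; algorithm, mode and nonce handling are fixed inside the wrapper.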
## Compliance Alignment
- **FIPS 140-3:** Alignment through professional reviews and modular design.
- **NIST SP 800-57:** Adherence to recommendations for key management and algorithm transitions (Modern principle).
- **CWE-327:** Avoidance of broken or risky cryptographic algorithms through deprecation and safe defaults.
## Common Pitfalls to Avoid
- **Chasing Performance:** Never sacrifice timing-attack resistance or code clarity for execution speed.
- **Experimental Agility:** Avoid using newly published cryptographic "drafts" in production; wait for them to be categorized as "Modern" and widely supported.
- **Flexibility Overload:** Do not provide developers with too many options. A library that allows any configuration is more likely to be configured incorrectly.
## Resources
- **Go Design Principles:** <https://golang.org/design/cryptography-principles>
- **Go Crypto Issue Tracker:** <https://golang.org/issue/32466>
- **FIPS 140-3 Standard Information:** <https://csrc.nist.gov/projects/fips-140-3-development>