I'm always super skeptical about "second-hand" reimplementations of crypto protocols like these, because after working through a few of the crypto challenges around, it's pretty obvious that it is very easy to end up with vulnerable code.<p>Compared to a lot of other code, where you can easily tell you're "done" because "it works", with crypto code you're only halfways there. Not only does it have to work, but it has to <i>not break</i> and not leak secrets, too. Anything from timing attacks to bad handling of padding, bad random generators, not to speak of buffer overflows and logic errors (goto fail, anyone?)<p>I'm thinking it would be prudent to at least use separate keys for anything interfacing with non-default implementations. Can't remember the details but wasn't there an issue where if any (gpg? ssl?) key had been used for signing on a certain flawed implementation, its secrets were spilled?<p>What's the state of the Go SSH library, has it been vetted by ... veterans? :)
Any references about the security of cryptographic primitives in Go? I mean: side-channel attacks, timing attacks and the behaviour of rand().<p>Because that is the first thing I would look into.<p>Thanks.<p>I am just asking (a bit fearful, yes), not simply ranting.