age is looks interesting and is supposed to be a (simpler) encryption command line utility for encrypting files symmetrically and asymmetrically to multiple recipients written in go. The author is related to the I2P project. Let’s discuss its merits an whether it should be recommended/added as a default tool.
Filippo (author) did mention that using urandom is OK, but the problem is more nuanced as was researched here. Please post a link to a code audit report (If anyone has come across one).
For reference:
Was mentioend here:
Yes, please.
on the same road there is a tool called rage which is age (Go) but written in Rust:
I think thats what hulahoop referring to (because str4d is related to I2P).
Though its new which mean not audited nor widely used and for surely many needed missing features yet to add, Written in Go which only god know if google gonna keep this language or ditch it similar to many projects google ditched (even some of them successful…), The good thing Rust implementation come as a rescue to avoid this scenario if happened.
Filippo is a cryptographer working at Google and is the Go security lead — I’d say he’s intimately familiar with the language. str4d is another well-known cryptographer collaborating with Filippo on age and the age design.
No audit reports are readily available. However, the names on this project inspire confidence.
@Patrick Does the way GPG deal with the RNGs differ from age?
Here are the usual problems with Debian freezes keeping major age improvements: