by kibibu 2869 days ago
It's to stop people misusing the crypto APIs, or making assumptions about them that the Go maintainers don't want to be stuck supporting.

https://go-review.googlesource.com/c/go/+/64451

> Code has ended up depending on things like RSA's key generation being deterministic given a fixed random Reader. This was never guaranteed and would prevent us from ever changing anything about it.

1 comments

I respect agl a lot, but this really doesn’t make sense to me. Should I be able to rely on the RSA keygen being deterministic between versions, given a fixed random Reader? No. But should I be able to rely on it being deterministic between runs with the same version? IMHO, yes. This changes the signature of key generation from (Reader) to (Reader, internal random).
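
The reply above describes key generation as effectively taking (Reader, internal random). As an added illustration that is not part of the thread and not Go's own source, this sketch assumes the internal randomness takes the form of sometimes reading one extra byte from the Reader, and shows how that makes output from a fixed Reader vary between calls. The names `maybeReadByte`, `deriveToken` and `distinctOutputs` are hypothetical, `deriveToken` stands in for a key generator, and the seed is constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

// maybeReadByte consumes one byte from r about half the time. Go chooses
// pseudo-randomly among ready select cases, and both receives are ready.
func maybeReadByte(r io.Reader) {
	closed := make(chan struct{})
	close(closed)
	select {
	case <-closed: // consume nothing
	case <-closed:
		var buf [1]byte
		r.Read(buf[:]) // shift the stream by one byte
	}
}

// deriveToken is a stand-in for a key generator (hypothetical): 8 bytes from r.
func deriveToken(r io.Reader) (string, error) {
	maybeReadByte(r)
	out := make([]byte, 8)
	if _, err := io.ReadFull(r, out); err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", out), nil
}

// distinctOutputs replays the same seed stream n times and counts each result.
func distinctOutputs(seed []byte, n int) (map[string]int, error) {
	seen := make(map[string]int)
	for i := 0; i < n; i++ {
		tok, err := deriveToken(bytes.NewReader(seed))
		if err != nil {
			return nil, err
		}
		seen[tok]++
	}
	return seen, nil
}

func main() {
	// Constructed seed: a caller's "fixed random Reader" contents.
	seen, err := distinctOutputs([]byte("constructed-fixed-seed"), 200)
	fmt.Println(seen, err)
}
```

A test that pins the output of such a generator to a golden value would pass or fail depending on which branch the select took, which is how a dependency on determinism surfaces early.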