This follows the recommendations outlined in Network Operations Division Cryptographic Requirements published on wikileaks on March 2017. We discard more bytes of the first keystream to reduce possibility of non-random bytes. This is similar to a change in FreeBSD: https://svnweb.freebsd.org/base?view=revision&revision=315225 Signed-off-by: Loganaden Velvindron <logan@hackers.mu> --- libc/stdlib/arc4random.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libc/stdlib/arc4random.c b/libc/stdlib/arc4random.c index 0013612..8b62931 100644 --- a/libc/stdlib/arc4random.c +++ b/libc/stdlib/arc4random.c @@ -153,9 +153,10 @@ arc4_stir(struct arc4_stream *as) /* * Discard early keystream, as per recommendations in: - * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps + * Network Operations Division Cryptographic requirements + * published on wikileaks on march 2017 */ - for (n = 0; n < 256; n++) + for (n = 0; n < 3072; n++) (void)arc4_getbyte(as); arc4_count = 1600000; } -- 2.9.3