This follows the recommendations outlined in Network Operations Division Cryptographic Requirements, published on wikileaks in March 2017. We discard more bytes of the first keystream to reduce the possibility of non-random bytes. This is similar to a change in FreeBSD: https://svnweb.freebsd.org/base?view=revision&revision=315225
Signed-off-by: Loganaden Velvindron <logan@hackers.mu>
---
 libc/stdlib/arc4random.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libc/stdlib/arc4random.c b/libc/stdlib/arc4random.c index 0013612..8b62931 100644 --- a/libc/stdlib/arc4random.c +++ b/libc/stdlib/arc4random.c @@ -153,9 +153,10 @@ arc4_stir(struct arc4_stream *as)
/* * Discard early keystream, as per recommendations in: - * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps + * Network Operations Division Cryptographic requirements + * published on wikileaks on march 2017 */ - for (n = 0; n < 256; n++) + for (n = 0; n < 3072; n++) (void)arc4_getbyte(as); arc4_count = 1600000; }
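Review bot: the rewritten comment in arc4_stir drops the only checkable reference (the Rc4_ksa.ps paper URL) in favour of a bare mention of a document "published on wikileaks on march 2017", which leaves a future reader nothing concrete to consult when judging why the discard grew from 256 to 3072 bytes; suggest keeping the original URL as the reason early keystream is discarded at all, and adding the FreeBSD revision named in the commit message, e.g. `* See also FreeBSD r315225:` followed by `* https://svnweb.freebsd.org/base?view=revision&revision=315225`, beside the new source. Capitalise "march" and write "Cryptographic Requirements" as in the commit message. Note also that `arc4_count = 1600000;` is left unchanged, so only the per-stir discard changes; that is reasonable, but the commit message should say so, since it only mentions discarding more bytes.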
Hi Loganaden,

Loganaden Velvindron wrote:

> This follows the recommendations outlined in Network Operations Division Cryptographic Requirements, published on wikileaks in March 2017. We discard more bytes of the first keystream to reduce the possibility of non-random bytes. This is similar to a change in FreeBSD: https://svnweb.freebsd.org/base?view=revision&revision=315225
Thanks, applied and pushed.

Waldemar