This follows the recommendations outlined in Network Operations Division
Cryptographic Requirements published on WikiLeaks in March 2017.
We discard more bytes of the first keystream to reduce the possibility of
non-random bytes.
This is similar to a change in FreeBSD:
https://svnweb.freebsd.org/base?view=revision&revision=315225
Signed-off-by: Loganaden Velvindron <logan(a)hackers.mu>
---
libc/stdlib/arc4random.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libc/stdlib/arc4random.c b/libc/stdlib/arc4random.c
index 0013612..8b62931 100644
--- a/libc/stdlib/arc4random.c
+++ b/libc/stdlib/arc4random.c
@@ -153,9 +153,10 @@ arc4_stir(struct arc4_stream *as)
/*
* Discard early keystream, as per recommendations in:
- *
http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+ * Network Operations Division Cryptographic requirements
+ * published on wikileaks on march 2017
*/
- for (n = 0; n < 256; n++)
+ for (n = 0; n < 3072; n++)
(void)arc4_getbyte(as);
arc4_count = 1600000;
}
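Review bot: the comment rewrite in this hunk drops the only citation with a verifiable source (the Rc4_ksa.ps paper URL) and replaces it with a reference that has no link and no precise title, so a later reader of arc4_stir() cannot check why 3072 was chosen. Keep the original URL line and add the new source as a second bullet with a stable link and a one-line justification of the number, e.g. " * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps" followed by " * and the Network Operations Division Cryptographic Requirements (2017)". Also capitalize "March" in the added comment to match the commit message, and since arc4_count = 1600000 is left unchanged, it is worth stating in the comment that the 3072-byte discard is a per-stir cost of 3072 extra arc4_getbyte() calls rather than a change to the reseed interval.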
--
2.9.3