Discard 3072 bytes instead of 256 bytes

This follows the recommendations outlined in Network Operations Division Cryptographic Requirements published on wikileaks on March 2017. We discard more bytes of the first keystream to reduce possibility of non-random bytes. This is similar to a change in FreeBSD: https://svnweb.freebsd.org/base?view=revision&revision=315225 Signed-off-by: Loganaden Velvindron <logan@hackers.mu>
author: Loganaden Velvindron <logan@hackers.mu> 2017-03-17 19:25:03 +0100
committer: Waldemar Brodkorb <wbx@openadk.org> 2017-03-17 21:46:25 +0100
commit: 66312a40abed2d430361eb262468607f60099c96 (patch)
tree: 455942917bca97c8c6e2295d983b3e5ae60a2587 /libc/stdlib/arc4random.c
parent: 2e4d3492e6627fc9d4c34de104a6ebe6f84ac1e9 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/libc/stdlib/arc4random.c b/libc/stdlib/arc4random.c
index 0013612e9..03b2234ae 100644
--- a/libc/stdlib/arc4random.c
+++ b/libc/stdlib/arc4random.c
@@ -152,10 +152,11 @@ arc4_stir(struct arc4_stream *as)
 	arc4_addrandom(as, rnd, sizeof(rnd));
 
 	/*
-	 * Discard early keystream, as per recommendations in:
-	 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+	 * Discard early keystream, as per recommendations.
+         * Network Operations Division Cryptographic requirements                                                                                    
+         * published on wikileaks on march 2017
 	 */
-	for (n = 0; n < 256; n++)
+	for (n = 0; n < 3072; n++)
 		(void)arc4_getbyte(as);
 	arc4_count = 1600000;
 }
author	Loganaden Velvindron <logan@hackers.mu>	2017-03-17 19:25:03 +0100
committer	Waldemar Brodkorb <wbx@openadk.org>	2017-03-17 21:46:25 +0100
commit	66312a40abed2d430361eb262468607f60099c96 (patch)
tree	455942917bca97c8c6e2295d983b3e5ae60a2587 /libc/stdlib/arc4random.c
parent	2e4d3492e6627fc9d4c34de104a6ebe6f84ac1e9 (diff)