Discard 3072 bytes instead of 256 bytes

Submitted by Codarren Velvindron on March 18, 2017, 2:08 p.m.

Details

Message ID 20170318140813.GA8925@codarren-MS-7758
State New

Commit Message

Codarren Velvindron March 18, 2017, 2:08 p.m.
As per the recommendations outlined in Network Operations Division
Cryptographic Requirements published on Wikileaks in March 2017,
we discard more bytes of the first keystream
to reduce the possibility of non-random bytes.
Similar to a change in FreeBSD:
https://svnweb.freebsd.org/base?view=revision&revision=315225

Signed-off-by: Codarren Velvindron <codarren@hackers.mu>
---
 libc/stdlib/arc4random.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)


diff --git a/libc/stdlib/arc4random.c b/libc/stdlib/arc4random.c
index 0013612..4801886 100644
--- a/libc/stdlib/arc4random.c
+++ b/libc/stdlib/arc4random.c
@@ -154,8 +154,11 @@  arc4_stir(struct arc4_stream *as)
 	/*
 	 * Discard early keystream, as per recommendations in:
 	 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+	 * As per the Network Operations Division, cryptographic requirements
+	 * published on wikileaks on March 2017
 	 */
-	for (n = 0; n < 256; n++)
+
+	for (n = 0; n < 3072; n++)
 		(void)arc4_getbyte(as);
 	arc4_count = 1600000;
 }
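Review bot: the added blank `+` line between the closing `*/` and the `for` loop is a stray whitespace change; drop it so the comment stays attached to the loop it documents. The new comment text is also a sentence fragment that repeats "As per" from the line above it; state the source and the value it justifies in one sentence, e.g. `* The Network Operations Division Cryptographic Requirements (March 2017) recommend discarding 3072 bytes.` Since 3072 now sits next to the hard-coded 1600000 reseed threshold, consider giving both a named constant. Note that the extra arc4_getbyte() calls run on every arc4_stir(), so the cost is paid at each reseed, not once.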