As per the recommendations outlined in Network Operations Division Cryptographic Requirements, published on Wikileaks in March 2017, we discard more bytes of the first keystream to reduce the possibility of non-random bytes. Similar to a change in FreeBSD: https://svnweb.freebsd.org/base?view=revision&revision=315225
Signed-off-by: Codarren Velvindron <[email protected]> --- libc/stdlib/arc4random.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libc/stdlib/arc4random.c b/libc/stdlib/arc4random.c index 0013612..4801886 100644 --- a/libc/stdlib/arc4random.c +++ b/libc/stdlib/arc4random.c @@ -154,8 +154,11 @@ arc4_stir(struct arc4_stream *as) /* * Discard early keystream, as per recommendations in: * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps + * As per the Network Operations Division, cryptographic requirements + * published on wikileaks on March 2017 */ - for (n = 0; n < 256; n++) + + for (n = 0; n < 3072; n++) (void)arc4_getbyte(as); arc4_count = 1600000; } -- 2.7.4 _______________________________________________ uClibc mailing list [email protected] http://lists.busybox.net/mailman/listinfo/uclibc
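Review bot: the new comment lines in arc4_stir() cite the Network Operations Division requirements without a URL, while the existing reference directly above them (the Weizmann RC4 KSA paper) carries one; add the Wikileaks URL, or the FreeBSD r315225 reference that the commit message gives, and say in the comment why 3072 is the number so that the constant in `for (n = 0; n < 3072; n++)` is self-explaining instead of a magic value. The hunk also adds a stray blank line between the closing `*/` and the `for` loop; that is an unrelated style change and should be dropped so the diff is only the bound change. The cost of the larger discard is fine: it runs only at stir time and arc4_count = 1600000 is left unchanged, so the amortised per-byte overhead is negligible.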
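To make the reason for the discard concrete, the following is an added example (not code from uClibc or from this patch): a self-contained RC4 re-implementation whose struct and routine names mirror those in arc4random.c, keyed with 60000 constructed 16-byte keys from a deterministic xorshift64 generator (standing in for the kernel entropy arc4random would use). It measures the Mantin-Shamir second-byte bias, P(Z2 = 0) of about 1/128 instead of 1/256, once with no discard and once after discarding 3072 bytes as the patch does. The helper `count_zero_at` and the generator are this example's own and not part of the library.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RC4 state in the same shape arc4random.c uses; this struct and the two
 * routines below are a self-contained re-implementation for the example. */
struct arc4_stream {
    uint8_t i;
    uint8_t j;
    uint8_t s[256];
};

/* Key-scheduling algorithm (KSA): permute s[] under the key. */
static void arc4_addrandom(struct arc4_stream *as, const uint8_t *key, size_t keylen)
{
    size_t n;
    uint8_t j = 0, t;

    as->i = as->j = 0;
    for (n = 0; n < 256; n++)
        as->s[n] = (uint8_t)n;
    for (n = 0; n < 256; n++) {
        j = (uint8_t)(j + as->s[n] + key[n % keylen]);
        t = as->s[n];
        as->s[n] = as->s[j];
        as->s[j] = t;
    }
}

/* Pseudo-random generation algorithm (PRGA): one keystream byte. */
static uint8_t arc4_getbyte(struct arc4_stream *as)
{
    uint8_t si, sj;

    as->i = (uint8_t)(as->i + 1);
    si = as->s[as->i];
    as->j = (uint8_t)(as->j + si);
    sj = as->s[as->j];
    as->s[as->i] = sj;
    as->s[as->j] = si;
    return as->s[(uint8_t)(si + sj)];
}

/* Deterministic xorshift64 so the experiment is reproducible (constructed
 * stand-in for the entropy source; never use this to key real RC4). */
static uint64_t xorshift64(uint64_t *st)
{
    uint64_t x = *st;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    return *st = x;
}

/*
 * Key RC4 with `trials` fresh 16-byte keys derived from `seed`; for each key
 * discard `discard` keystream bytes, then read `pos` further bytes and count
 * how often the last of them is zero. An ideal stream gives about trials/256.
 */
unsigned long count_zero_at(uint64_t seed, size_t discard, size_t pos, unsigned long trials)
{
    struct arc4_stream as;
    uint8_t key[16];
    uint64_t rng = seed ? seed : 0x9E3779B97F4A7C15ULL;
    unsigned long t, zeros = 0;
    size_t n;

    for (t = 0; t < trials; t++) {
        for (n = 0; n < sizeof key; n += 8) {
            uint64_t w = xorshift64(&rng);
            size_t k;
            for (k = 0; k < 8; k++)
                key[n + k] = (uint8_t)(w >> (8 * k));
        }
        arc4_addrandom(&as, key, sizeof key);
        for (n = 0; n < discard; n++)
            (void)arc4_getbyte(&as);
        for (n = 1; n < pos; n++)
            (void)arc4_getbyte(&as);
        if (arc4_getbyte(&as) == 0)
            zeros++;
    }
    return zeros;
}

int main(void)
{
    const unsigned long trials = 60000;

    /* Mantin-Shamir: with no discard the second keystream byte is zero with
     * probability about 1/128, twice the ideal 1/256; after the discard the
     * count falls back to the ideal level. */
    printf("no discard,   byte 2 == 0: %lu of %lu (ideal ~%lu)\n",
           count_zero_at(1, 0, 2, trials), trials, trials / 256);
    printf("discard 3072, byte 2 == 0: %lu of %lu (ideal ~%lu)\n",
           count_zero_at(1, 3072, 2, trials), trials, trials / 256);
    return 0;
}
```

The second-byte bias is only the strongest and best-known of the early-keystream biases; the point of discarding a few kilobytes rather than just the first bytes is to get past the weaker ones as well, which is what the larger bound in the patch buys.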
