Discard the first 1024 bytes of output as suggested by

http://citeseer.nj.nec.com/fluhrer01weaknesses.html and http://citeseer.nj.nec.com/531224.html . PR: 61126 Submitted by: Jeff Ito <jeffi@rcn.com>
2004-01-20 04:22:47 +00:00 · 2004-01-20 04:22:47 +00:00 · 60ce8b0e07
commit 60ce8b0e07
parent 5ee30e277a
1 changed files with 13 additions and 1 deletions
--- a/lib/libc/gen/arc4random.c
+++ b/lib/libc/gen/arc4random.c
@ -45,6 +45,8 @@ struct arc4_stream {
 static int rs_initialized;
 static struct arc4_stream rs;

+static inline u_int8_t arc4_getbyte(struct arc4_stream *);
+
 static inline void
 arc4_init(as)
 	struct arc4_stream *as;
@ -80,7 +82,7 @@ static void
 arc4_stir(as)
 	struct arc4_stream *as;
 {
-	int     fd;
+	int     fd, n;
 	struct {
 		struct timeval tv;
 		pid_t pid;
@ -98,6 +100,16 @@ arc4_stir(as)
 	 * stack... */

 	arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
+
+	/*
+	 * Throw away the first N bytes of output, as suggested in the
+	 * paper "Weaknesses in the Key Scheduling Algorithm of RC4"
+	 * by Fluher, Mantin, and Shamir.  N=1024 is based on
+	 * suggestions in the paper "(Not So) Random Shuffles of RC4"
+	 * by Ilya Mironov.
+	 */
+	for (n = 0; n < 1024; n++)
+		arc4_getbyte(as);
 }

 static inline u_int8_t