This follows the recommendations outlined in Network Operations Division
Cryptographic Requirements, published on wikileaks in March 2017.
We discard more bytes of the first keystream to reduce the possibility of
non-random bytes.
This is similar to a change in FreeBSD:
https://svnweb.freebsd.org/base?view=revision&revision=315225
Signed-off-by: Loganaden Velvindron <[email protected]>
arc4_addrandom(as, rnd, sizeof(rnd));
/*
- * Discard early keystream, as per recommendations in:
- * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+ * Discard early keystream, as per recommendations.
+ * Network Operations Division Cryptographic requirements
+ * published on wikileaks on march 2017
*/
- for (n = 0; n < 256; n++)
+ for (n = 0; n < 3072; n++)
(void)arc4_getbyte(as);
arc4_count = 1600000;
}
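Review bot: the replacement comment at `+ * Discard early keystream, as per recommendations.` drops the only checkable reference (the `Rc4_ksa.ps` URL) and replaces it with a source that is named but not linked, so a future reader cannot verify where the 3072-byte figure comes from; keep the original paper citation alongside the new one, add a precise pointer (document title and section, or the FreeBSD revision URL already given in the commit message), and use proper capitalisation ("Cryptographic Requirements", "March 2017") to match the commit message. The loop change itself (`256` to `3072`) is straightforward, but since `arc4_count = 1600000;` is left unchanged, it is worth a one-line note in the comment that the larger discard is paid on every rekey at that interval.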