Kurt Roeckx dixit:

>As far as I know, OpenBSD stopped using (A)RC4 for their random
>number generation for good reason, even though the function is

They stopped, but not for good reason. But you can also use the new
unlicensed algorithm they use, if you really feel like it, it’s not
bad either, just lacks a proper licence. Or just use whatever libbsd
ships.

>still called that way. You now seem to suggest to use RC4 again,
>which seems like a bad idea to me.

It is not a bad idea. Using RC4 in certain environments (WEP, TLS) has
its downsides, but I analysed each of them in the context of using it
for a stretching RNG, and found out that, with a tweak¹ ², aRC4 is
still good there.

① Not included in OpenBSD or libbsd, TTBOMK
② Change arc4random() to drop 1 or 2 bytes randomly, in addition to
  those four it reads. Change arc4random_buf() to drop 1/2/3/4 bytes
  randomly for every up to 256 bytes it reads. Increase the amount of
  bytes thrown away after rekeying to 12*256 plus some random amount
  of bytes. Using arc4_getbyte to determine these random amounts is
  correct (and takes care of one byte already).

bye,
//mirabilos
-- 
“ah that reminds me, thanks for the stellar entertainment that you and
certain other people provide on the Debian mailing lists │ sole reason
I subscribed to them (I'm not using Debian anywhere) is the entertainment
factor │ Debian does not strike me as a place for good humour, much less
German admin-style humour”

Archive: https://lists.debian.org/pine.bsm.4.64l.1406122048380.5...@herc.mirbsd.org
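The footnote ② tweak, worked through in C as an added example (not mirabilos' code, and, as the post itself says, not what OpenBSD or libbsd ship). To keep the keystream checkable against the public RC4 test vector for the key "Key", the stream uses the textbook RC4 key schedule and PRGA rather than the OpenBSD `arc4_addrandom` variant. The `struct arc4_stream`, `arc4random_tweaked`, `arc4random_buf_tweaked` and `arc4_rekey` names, the `consumed` counter, the demo key, and the way the "random amount" is derived from one keystream byte (low bit selects 1 vs 2 drops in `arc4random`, low two bits select 1..4 in `arc4random_buf`, byte+1 after rekeying, with the deciding byte counted as the first drop) are all this example's assumptions about how to read the footnote, not the poster's specification.

```c
/* Added example: RC4 keystream with the drop tweaks from footnote ②.
 * Names, constants and the reading of "random amount" are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct arc4_stream {
    uint8_t i, j;
    uint8_t s[256];
    size_t consumed;   /* keystream bytes generated since the last key schedule */
};

/* Textbook RC4 key schedule; resets i, j and the byte counter. */
static void arc4_setkey(struct arc4_stream *as, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int n = 0; n < 256; n++)
        as->s[n] = (uint8_t)n;
    for (int n = 0; n < 256; n++) {
        uint8_t t = as->s[n];
        j = (uint8_t)(j + t + key[n % keylen]);
        as->s[n] = as->s[j];
        as->s[j] = t;
    }
    as->i = as->j = 0;
    as->consumed = 0;
}

/* Textbook RC4 PRGA: one keystream byte. */
static uint8_t arc4_getbyte(struct arc4_stream *as)
{
    as->i = (uint8_t)(as->i + 1);
    uint8_t si = as->s[as->i];
    as->j = (uint8_t)(as->j + si);
    uint8_t sj = as->s[as->j];
    as->s[as->i] = sj;
    as->s[as->j] = si;
    as->consumed++;
    return as->s[(uint8_t)(si + sj)];
}

static void arc4_drop(struct arc4_stream *as, size_t n)
{
    while (n--)
        (void)arc4_getbyte(as);
}

/* Rekey, then throw away 12*256 bytes plus a random amount r in [1,256].
 * The byte that picks r is itself the first discarded byte ("takes care
 * of one byte already"), so the total discarded is 12*256 + r.
 * ASSUMPTION: r = (that keystream byte) + 1. */
static void arc4_rekey(struct arc4_stream *as, const uint8_t *key, size_t keylen)
{
    arc4_setkey(as, key, keylen);
    uint8_t r = arc4_getbyte(as);
    arc4_drop(as, 12 * 256 + r);
}

/* arc4random(): drop 1 or 2 bytes at random, then read the usual four.
 * ASSUMPTION: drop first; low bit of the deciding byte selects 1 vs 2. */
static uint32_t arc4random_tweaked(struct arc4_stream *as)
{
    uint8_t r = arc4_getbyte(as);   /* dropped byte #1 */
    arc4_drop(as, r & 1);           /* possibly dropped byte #2 */
    uint32_t val = (uint32_t)arc4_getbyte(as) << 24;
    val |= (uint32_t)arc4_getbyte(as) << 16;
    val |= (uint32_t)arc4_getbyte(as) << 8;
    val |= arc4_getbyte(as);
    return val;
}

/* arc4random_buf(): for every chunk of up to 256 output bytes, drop 1..4
 * bytes at random before filling it.  ASSUMPTION: low two bits of the
 * deciding byte select how many extra (0..3) bytes are dropped. */
static void arc4random_buf_tweaked(struct arc4_stream *as, void *buf, size_t n)
{
    uint8_t *p = buf;
    while (n > 0) {
        size_t chunk = n < 256 ? n : 256;
        uint8_t r = arc4_getbyte(as);   /* dropped byte #1 */
        arc4_drop(as, r & 3);           /* 0..3 more */
        for (size_t k = 0; k < chunk; k++)
            p[k] = arc4_getbyte(as);
        p += chunk;
        n -= chunk;
    }
}

int main(void)
{
    static const uint8_t key[] = "Key";   /* constructed demo key (3 bytes) */
    struct arc4_stream as;

    arc4_setkey(&as, key, 3);
    printf("keystream:");
    for (int n = 0; n < 10; n++)
        printf(" %02x", arc4_getbyte(&as));
    printf("\n");

    arc4_setkey(&as, key, 3);
    uint32_t v = arc4random_tweaked(&as);
    printf("arc4random: %08x after %zu keystream bytes\n", v, as.consumed);

    arc4_rekey(&as, key, 3);
    printf("rekey discarded %zu bytes\n", as.consumed);
    return 0;
}
```

With the demo key the untweaked keystream starts eb 9f 77 81 b7 34 ca 72 a7 19 (the public RC4 test vector), so the effect of each drop rule can be read off directly: `arc4random_tweaked` consumes six bytes for one 32-bit result here, a 3-byte `arc4random_buf_tweaked` consumes seven, and the rekey discards 3072 plus 236 bytes. The `consumed` counter is bookkeeping for the demonstration only, not part of the tweak.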