On Tue, Dec 21, 2010 at 11:59 AM, Kurt Knochner <cdowl...@googlemail.com>
wrote:
> This initializes the RC4 context with some random data, gathered by system
> entropy, that is mainly done by get_random_bytes().
>
> ==> Bug #1
>
> HOWEVER: Have a look at the buffer that's being used as a seed for the RC4
> key setup. It's being filled with the random data, BUT at the beginning it
> will be filled with just the value of nanotime().

Even nanotime is better than all zeros.  It's to ensure the seed
values changes at least a little, even if there are no random bytes.

>>        if (rndstats.arc4_nstirs > 0)
>>                rc4_crypt(&arc4random_state, buf, buf, sizeof(buf));
>
>>        rc4_keysetup(&arc4random_state, buf, sizeof(buf));
>>        arc4random_count = 0;
>>        rndstats.arc4_stirs += len;
>>        rndstats.arc4_nstirs++;
>
> HOWEVER, right after the call of rc4_crypt(), we call rc4_keysetup() with
> the same 'arc4random_state'. This makes the call to rc4_crypt() useless, as
> the data structure will be overwritten again with the init data of the RC4
> function.

buf is an input to rc4_keysetup, not an output.
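The point made in the reply, worked through as an added example (this is not the kernel's arc4random code or Kurt's, only a toy RC4 with the same stir pattern; the seed layout of timestamp-then-entropy, the 128-byte seed size, the `arc4_stir`/`build_seed` names and the entropy bytes are all constructed assumptions):

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy RC4 context; the nstirs counter plays the role of rndstats.arc4_nstirs. */
struct arc4 { uint8_t i, j, s[256]; unsigned nstirs; };

/* Key schedule: the state is rebuilt entirely from the key bytes. */
static void rc4_keysetup(struct arc4 *c, const uint8_t *key, size_t klen)
{
    uint8_t j = 0;
    c->i = c->j = 0;
    for (int k = 0; k < 256; k++) c->s[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        uint8_t t;
        j = (uint8_t)(j + c->s[k] + key[k % klen]);
        t = c->s[k]; c->s[k] = c->s[j]; c->s[j] = t;
    }
}

/* Keystream XOR; in == out is allowed, as in the quoted rc4_crypt(buf, buf). */
static void rc4_crypt(struct arc4 *c, const uint8_t *in, uint8_t *out, size_t n)
{
    for (size_t k = 0; k < n; k++) {
        uint8_t t;
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->s[c->i]);
        t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
        out[k] = in[k] ^ c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
    }
}

#define SEEDLEN 128

/* Assumed seed layout: nanotime() first, then whatever entropy was available. */
static void build_seed(uint8_t buf[SEEDLEN], uint64_t nanotime, const uint8_t *rnd, size_t rndlen)
{
    memset(buf, 0, SEEDLEN);
    memcpy(buf, &nanotime, sizeof nanotime);
    if (rndlen > SEEDLEN - sizeof nanotime) rndlen = SEEDLEN - sizeof nanotime;
    memcpy(buf + sizeof nanotime, rnd, rndlen);
}

/* The stir pattern from the quoted code. On every stir after the first the
 * current keystream is XORed over the seed, so buf, which is the INPUT to
 * rc4_keysetup, carries the old state forward into the new key schedule. */
static void arc4_stir(struct arc4 *c, uint64_t nanotime, const uint8_t *rnd, size_t rndlen)
{
    uint8_t buf[SEEDLEN];
    build_seed(buf, nanotime, rnd, rndlen);
    if (c->nstirs > 0)
        rc4_crypt(c, buf, buf, sizeof buf);
    rc4_keysetup(c, buf, sizeof buf);
    c->nstirs++;
}

/* Constructed sample entropy, not output of any real entropy source. */
static const uint8_t ENT_A[] = "constructed-ent1";
static const uint8_t ENT_B[] = "constructed-ent2";
static const uint8_t ENT_C[] = "constructed-ent3";

/* Returns 1 if two generators that got different first seeds but an identical
 * second seed still end up in different states, i.e. the rc4_crypt() pass is
 * not overwritten away but feeds into the new key schedule through buf. */
int stir_chains_old_state(void)
{
    struct arc4 a = {0}, b = {0};
    arc4_stir(&a, 1000, ENT_A, sizeof ENT_A);
    arc4_stir(&b, 1000, ENT_B, sizeof ENT_B);
    arc4_stir(&a, 2000, ENT_C, sizeof ENT_C);
    arc4_stir(&b, 2000, ENT_C, sizeof ENT_C);
    return memcmp(a.s, b.s, sizeof a.s) != 0;
}

/* Returns 1 if rc4_keysetup() by itself discards all prior state: the same
 * raw seed on two differently keyed contexts gives identical results. This is
 * exactly why the crypt pass has to be applied to buf before keysetup. */
int keysetup_depends_only_on_buf(void)
{
    struct arc4 a = {0}, b = {0};
    uint8_t buf[SEEDLEN];
    arc4_stir(&a, 1000, ENT_A, sizeof ENT_A);
    arc4_stir(&b, 1000, ENT_B, sizeof ENT_B);
    build_seed(buf, 2000, ENT_C, sizeof ENT_C);
    rc4_keysetup(&a, buf, sizeof buf);
    rc4_keysetup(&b, buf, sizeof buf);
    return memcmp(a.s, b.s, sizeof a.s) == 0 && a.i == b.i && a.j == b.j;
}

int main(void)
{
    printf("crypt pass chains old state into new key: %d\n", stir_chains_old_state());
    printf("keysetup alone depends only on buf:       %d\n", keysetup_depends_only_on_buf());
    return 0;
}
```

Both checks print 1: keysetup does overwrite the whole state, which is what the quoted objection noticed, but the crypt pass has already mixed the old keystream into `buf`, so the new schedule depends on both the previous state and the fresh seed. Dropping that pass would make each re-key a function of the new seed alone, which is the weaker construction when the seed is mostly nanotime().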
