Hi SM,
I saw your comment [1] on Twitter about this catchy title by a newspaper in
Mauritius about defying the Central Intelligence Agency (CIA). You asked
whether it is about RC4 and the answer was affirmative. Your next tweet
includes a link [2] to the version control repository of FreeBSD. Did I
understand correctly that the patch for 'arc4random.c' is suggested as a
bandaid [3]?
I had a glance at the paper [4] by Ilya Mironov in which he proposed
dumping at least the first 512 bytes of the RC4 stream cipher output.
I imagine your tweet intended a *pun* but I am not sure which it was:
the bandaid part (which means the patch is just temporary, until a
stronger pseudorandom number generator is used) or that it is completely
missing due credit to Ilya Mironov?
[1] https://twitter.com/sminmu/status/850221617191960576
[2] https://svnweb.freebsd.org/base?view=revision&revision=315225
[3] https://c1.staticflickr.com/1/207/483539408_30c7b8c2a4_b.jpg
[4] https://eprint.iacr.org/2002/067.pdf
Regards,
--
Ish Sookun
I drink coffee and manage Linux servers for lexpress.mu.
Received on Mon Apr 10 2017 - 18:47:31 PST
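Added example (not from the message above, nor FreeBSD's arc4random.c): a textbook RC4 next to a measurement of the Mantin-Shamir second-byte bias, showing why Mironov's advice to discard an initial keystream prefix is a bandaid rather than a fix. The key length, key count, drop length and seed are assumptions chosen for the demonstration.

```python
import random

def rc4_keystream(key: bytes, nbytes: int) -> bytes:
    """Textbook RC4: key-scheduling (KSA) followed by the output loop (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(nbytes):                   # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def second_byte_zero_rates(keys: int = 12000, drop: int = 512, seed: int = 1):
    """Fraction of random 16-byte keys (constructed here) whose "second" output
    byte is zero, measured at offset 1 (raw RC4) and at offset drop+1 (after
    discarding `drop` bytes, the mitigation the message refers to).
    An unbiased generator gives about 1/256; raw RC4 gives about 1/128."""
    rng = random.Random(seed)                 # seeded so the run is reproducible
    zeros_raw = zeros_dropped = 0
    for _ in range(keys):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        ks = rc4_keystream(key, drop + 2)
        zeros_raw += ks[1] == 0
        zeros_dropped += ks[drop + 1] == 0
    return zeros_raw / keys, zeros_dropped / keys

if __name__ == "__main__":
    raw, dropped = second_byte_zero_rates()
    print(f"P[byte 1 == 0]   raw RC4        : {raw:.5f}  (1/128 = {1/128:.5f})")
    print(f"P[byte 513 == 0] after drop-512 : {dropped:.5f}  (1/256 = {1/256:.5f})")
```

Dropping the prefix removes this particular bias but not the long-term keystream biases found later, which is why the message calls the patch a bandaid.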