Source-Changes-HG archive


[src/trunk]: src/lib/libc/gen Amplify comment about how quickly RC4 was known...



details:   https://anonhg.NetBSD.org/src/rev/b045f8e78f3b
branches:  trunk
changeset: 803960:b045f8e78f3b
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Mon Nov 17 15:05:12 2014 +0000

description:
Amplify comment about how quickly RC4 was known to be bad.

diffstat:

 lib/libc/gen/arc4random.3 |  24 ++++++++++++++++++------
 1 files changed, 18 insertions(+), 6 deletions(-)

diffs (38 lines):

diff -r 355b7832978d -r b045f8e78f3b lib/libc/gen/arc4random.3
--- a/lib/libc/gen/arc4random.3 Mon Nov 17 14:30:31 2014 +0000
+++ b/lib/libc/gen/arc4random.3 Mon Nov 17 15:05:12 2014 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: arc4random.3,v 1.13 2014/11/17 07:11:00 riastradh Exp $
+.\"    $NetBSD: arc4random.3,v 1.14 2014/11/17 15:05:12 riastradh Exp $
 .\"
 .\" Copyright (c) 2014 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -239,11 +239,23 @@
 .Pp
 The name
 .Sq arc4random
-was chosen for hysterical raisins, because it was originally
-implemented using the RC4 stream cipher, which is now known to be
-badly enough biased to admit practical attacks in the real world.
-Unfortunately, the library found widespread adoption and the name
-stuck before anyone recognized that it was silly.
+was chosen for hysterical raisins -- it was originally implemented
+using the RC4 stream cipher, which has been known since shortly after
+it was published in 1994 to have observable biases in the output, and
+is now known to be broken badly enough to admit practical attacks in
+the real world.
+.\" Bob Jenkins, sci.crypt post dated 1994-09-16, message-id
+.\" <359qjg$55v$1%mhadg.production.compuserve.com@localhost>,
+.\" https://groups.google.com/forum/msg/sci.crypt/JsO3xEATGFA/-wO4ttv7BCYJ
+.\"
+.\" Andrew Roos, `A Class of Weak Keys in the RC4 Stream Cipher',
+.\" sci.crypt posts dated 1995-09-22, message-ids
+ \" 43u1eh$1j3%hermes.is.co.za@localhost and 44ebge$llf%hermes.is.co.za@localhost.
+.\"
+.\" Paul Crowley, `Small bias in RC4 experimentally verified', March
+.\" 1998, http://www.ciphergoth.org/crypto/rc4/
+Unfortunately, the library found widespread adoption and the name stuck
+before anyone recognized that it was silly.
 .Pp
 The signature of
 .Fn arc4random_addrandom
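
Review bot: In the Andrew Roos citation, the line carrying the two message-ids starts with ` \"` (a leading space) rather than `.\"`, unlike every other line of the new comment block. A line that begins with a space is a roff text line, not a comment line, and a leading space forces a break, so this can split the paragraph between "the real world." and "Unfortunately, the library found widespread adoption" in the rendered page; start the line with `.\"` like its neighbours. The two message-ids on that line are also not wrapped in `<...>` the way the Jenkins message-id is, which is worth making consistent. Separately, the new statement that the biases have been known "since shortly after it was published in 1994" is supported only by references kept in comments, so someone reading the formatted manual cannot see the sources; consider whether at least one of them belongs in the visible text.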


