Discard 3072 bytes instead of 256 bytes
Created attachment 304896 Discard 3072 bytes instead of 256 bytes
This follows the recommendations outlined in Network Operations Division Cryptographic Requirements, published on WikiLeaks in March 2017. We discard more bytes of the first keystream to reduce the possibility of non-random bytes.
This change is similar to https://svnweb.freebsd.org/base?view=revision&revision=315225
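As an added illustration of why early RC4 output is discarded (this is not code from the patch, WebKit, or FreeBSD), the program below measures a well-known early-keystream bias: without any discard, the second output byte is zero about twice as often as a uniform byte would be. The `RC4` struct, `splitmix64` key source, and `countZeroSecondByte` helper are names invented for this example, and the keys are constructed test data.

```cpp
// Added example; RC4, splitmix64 and countZeroSecondByte are illustrative names.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>

struct RC4 {
    uint8_t s[256];
    uint8_t i = 0, j = 0;
    RC4(const uint8_t* key, size_t keyLength) { // key scheduling
        for (int n = 0; n < 256; ++n)
            s[n] = static_cast<uint8_t>(n);
        uint8_t k = 0;
        for (int n = 0; n < 256; ++n) {
            k = static_cast<uint8_t>(k + s[n] + key[n % keyLength]);
            std::swap(s[n], s[k]);
        }
    }
    uint8_t next() { // one keystream byte
        i = static_cast<uint8_t>(i + 1);
        j = static_cast<uint8_t>(j + s[i]);
        std::swap(s[i], s[j]);
        return s[static_cast<uint8_t>(s[i] + s[j])];
    }
};

// Constructed, reproducible key source (splitmix64); not a CSPRNG.
static uint64_t splitmix64(uint64_t& state) {
    uint64_t z = (state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

// Counts, over `trials` constructed 16-byte keys, how often the second byte after the discard is 0.
unsigned countZeroSecondByte(size_t discard, unsigned trials) {
    uint64_t seed = 1;
    unsigned zeros = 0;
    for (unsigned t = 0; t < trials; ++t) {
        uint8_t key[16];
        for (uint8_t& b : key) b = static_cast<uint8_t>(splitmix64(seed) >> 56);
        RC4 rc4(key, sizeof(key));
        for (size_t d = 0; d <= discard; ++d)
            rc4.next(); // the discarded bytes, then the first kept byte
        zeros += rc4.next() == 0;
    }
    return zeros;
}

int main() { // a uniform byte would be zero about 65536 / 256 = 256 times
    std::printf("discard 0: %u, discard 3072: %u\n", countZeroSecondByte(0, 65536), countZeroSecondByte(3072, 65536));
}
```

Discarding only moves the output past the biased initial bytes; it does not address RC4's other known weaknesses.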
Comment on attachment 304896 Discard 3072 bytes instead of 256 bytes

Thank you for writing up a patch. I'm not sure I'm knowledgeable enough to review this patch, but for starters, you need to create a ChangeLog entry, and document why you're making this change in there. See https://webkit.org/contributing-code/ for the process.

r- for now because the ChangeLog is missing.
I believe the correct thing to do is to just drop rc4 (for which there is a separate patch)
(In reply to Oliver Hunt from comment #5)
> I believe the correct thing to do is to just drop rc4 (for which there is a
> separate patch)

Did that end up happening? The code in Source/WTF/wtf/CryptographicallyRandomNumber.cpp appears unchanged.