Re: ARC4 algorithm

> Fact: The ARC4 algorithm is multiply and badly broken.

OK, how's this for polite:

It is used because it is not nearly as broken as you claim it to be.

Perhaps you are reading different books than I am reading. Perhaps you are not aware that the code is using well documented workarounds.

Secondly, we are not using replacements that are new and as yet not well researched.

Thirdly, we are using ARC4 in places where it has specific values, and I would be utterly shocked to see you find us using it in a place where the flaws matter.

Is using ARC4 in our random number generator a security flaw? Please describe exactly how, but when you do, please don't include me in the cc.

I must thank you for your detailed analysis showing how we are using it wrong.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

Forever in your debt,

Theo.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message Received on Tue Mar 11 19:10:23 2003