From 18449bdc8a3b70f7c2194daf851b81638206dc13 Mon Sep 17 00:00:00 2001
From: Mirek Kratochvil
Date: Sat, 25 May 2013 17:13:33 +0200
Subject: [PATCH] arcfour: greatly increase discard parameters
Okay, this thing got public so it's time to make the RC4 rugged. Not that I'd know about something that would break current implementation, but it's nice to at least do the recommended discard correctly. We'll probably be adding better symmetric ciphers anyway. Note that this is an incompatible change (again). FMTSeq private keys will need to be replaced. Existing signature validity doesn't change. Encrypted messages will not be possible to decrypt.
---
 src/algos_enc.cpp | 6 ++++--
 src/fmtseq.cpp | 2 +-
 src/generator.cpp | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/algos_enc.cpp b/src/algos_enc.cpp
index 0da60e9..8042a80 100644
--- a/src/algos_enc.cpp
+++ b/src/algos_enc.cpp
@@ -231,6 +231,8 @@ static bool message_unpad (std::vector in, bvector&out)
 * otherwise it probably fails. miserably.
 */
+#define arcfour_discard 4096
+
 template <
 class pubkey_type,
 int plainsize,
 int ciphersize,
@@ -294,7 +296,7 @@ static int fo_encrypt (const bvector&plain, bvector&cipher,
 K.begin() + ( (i + 1) << 8) ) );
 arc.load_key (subkey);
 }
- arc.discard (256);
+ arc.discard (arcfour_discard);
 for (i = 0; i < M.size(); ++i) M[i] = M[i] ^ arc.gen();
 //append the message part to the ciphertext
@@ -359,7 +361,7 @@ static int fo_decrypt (const bvector&cipher, bvector&plain,
 K.begin() + ( (i + 1) << 8) ) );
 arc.load_key (subkey);
 }
- arc.discard (256);
+ arc.discard (arcfour_discard);
 //decrypt the message part
 for (i = 0; i < M.size(); ++i) M[i] = M[i] ^ arc.gen();
diff --git a/src/fmtseq.cpp b/src/fmtseq.cpp
index 0777721..389f254 100644
--- a/src/fmtseq.cpp
+++ b/src/fmtseq.cpp
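Review bot: `#define arcfour_discard 4096` is a file-local macro in algos_enc.cpp, while fmtseq.cpp and generator.cpp in the same commit hard-code 4096 as separate literals, so the three discard counts can drift apart with no help from the compiler; a typed constant in the arcfour header, e.g. `static const size_t arcfour_discard = 4096;`, used by all three call sites would keep them in step and lets fo_encrypt/fo_decrypt keep the name they already use. The constant also deserves a comment stating why the value was chosen, along the lines of `// drop the biased RC4 keystream prefix (commonly >= 3072 bytes); long-term keystream biases remain`, because discarding the prefix is a mitigation rather than a fix, which the commit message only hints at. The macro is also placed directly after an unrelated comment block and before the template header, which reads as if it documented the template; a blank line or moving it next to the arcfour include would avoid that. Whether `arc.discard` counts bytes or wider words depends on how the arcfour template is instantiated, which is outside this hunk.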
@@ -35,7 +35,7 @@ void prepare_keygen (arcfour& kg, const std::vector&SK, uint idx)
 }
 tmp.resize (16, 0); //prevent chaining to other numbers
 kg.load_key (tmp);
- kg.discard (256);
+ kg.discard (4096);
 }
 static void add_zero_checksum (bvector& v)
diff --git a/src/generator.cpp b/src/generator.cpp
index c694916..364587b 100644
--- a/src/generator.cpp
+++ b/src/generator.cpp
@@ -42,6 +42,6 @@ void arcfour_rng::seed (uint bits, bool quick)
 f.close();
 r.load_key (s);
- r.discard (256);
+ r.discard (4096);
 }
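Review bot: The discard count in prepare_keygen is part of the FMTSeq secret-key derivation (the hunk loads `tmp` into `kg` and then drops 4096 outputs before the caller draws from it), so changing it silently invalidates every existing private key, exactly as the commit message admits, yet nothing in the code records that coupling. I would put a comment on the changed line, `kg.discard (4096); // part of the key derivation: changing this breaks all existing FMTSeq private keys`, and, if a key-format version field exists elsewhere, bump it so old keys are rejected with a clear error rather than presumably signing with leaf keys that no longer match the public key. The literal should also be the same named constant that algos_enc.cpp introduces in this commit instead of a bare 4096. prepare_keygen's body starts outside the hunk.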
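Review bot: arcfour_rng::seed keeps RC4 as the random generator, with `r.discard (4096)` only skipping the biased keystream prefix; RC4 output retains long-term single-byte biases past any discard, and if this generator feeds key generation (its name suggests so, but the callers are outside the hunk) the weak point is the RNG rather than the cipher the commit message plans to replace. A comment at the discard, `// skips the biased RC4 prefix; long-term keystream biases remain, replace before relying on this for key material`, would at least record the limitation next to the number. The seed `s` comes from the file closed at `f.close()` just above; whether a short or failed read is checked happens before the hunk, so I can't tell from here.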