On Wed, Dec 22, 2010 at 2:24 PM, Marsh Ray <[email protected]> wrote:
> This one does it in 2^26 bytes:
> http://www.iacr.org/cryptodb/data/paper.php?pubkey=2597
>
> Let's see, (libc)arc4random.c says:
>> arc4_count = 1600000;
>
> That's about 2^20 so you'd get 41 reseedings generating that much input
> data. But how much would these reseedings disrupt the statistics process?
>
> This distinguisher works by looking at the probability of pairs of bytes
> being repeated (2 to 5 times) within a certain number of rounds (having a
> gap 'g' between them). Fig 3 shows their results for gaps from 0 to 60. It
> looks like the data collection cost incurred by a reseeding would be comparable
> to the amount recommended to skip after initialization: 256 bytes.

I'm not sure how you arrived at this result. The new stream is unrelated to the old one. Otherwise, why not just treat all RC4 streams as the same?
