On Wed, Dec 22, 2010 at 10:44:48AM -0700, Kjell Wooding wrote:
> Oh good grief. Yes, ARC4 is being used to stretch a random source. Feel free
> to hunt for the distinguisher in the OpenBSD multi-consumer model. There's a
> good paper in there. If you can show a distinguisher (even without
> reseedings) with an equivalent number of consumers randomly pulling data
> from the stream, then you might be able to tell us how long we should go
> between reseeding.
I agree that there's a good paper in this; I would love to see the entropy added by the multi-consumer model quantified, or even an upper bound placed on it. In the past, when I've given my talk on randomness in the OpenBSD network stack, I've discussed this, and I always ask for someone to come forward with such a paper. Unfortunately, I don't get the impression that the amateur cryptographers questioning the OpenBSD PRNG are qualified to produce such a paper (if they were, they wouldn't be mailing here; they'd be submitting it to real cryptographers for peer review).
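As an added illustration of the point under discussion (this is not OpenBSD's arc4random code and is not from either poster), the following Python models RC4 stretching a short seed with periodic reseeding, and runs the one keystream distinguisher every practitioner should know against it: the Mantin-Shamir second-byte bias, where the second output byte of a freshly keyed RC4 is 0 with probability about 2/256 instead of 1/256. The class names, the reseed interval, the 16-byte seeded key source and the choice of RC4-drop[256] as the countermeasure are this example's own assumptions; the test assumes the observer sees output immediately after each reseed, which is the alignment that exposes the bias.

```python
"""Model of an RC4 stream used to stretch a seed, with periodic reseeding,
and the Mantin-Shamir second-byte distinguisher run against it.

Added example for illustration; it is not OpenBSD's arc4random, and the
names, reseed interval and key source are this example's own assumptions.
"""
import random


class RC4:
    """Plain RC4: key-scheduling algorithm in __init__, PRGA in byte()."""

    def __init__(self, key: bytes):
        S = list(range(256))
        j = 0
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
        self.S, self.i, self.j = S, 0, 0

    def byte(self) -> int:
        S = self.S
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + S[self.i]) & 0xFF
        S[self.i], S[self.j] = S[self.j], S[self.i]
        return S[(S[self.i] + S[self.j]) & 0xFF]


class Stretcher:
    """Stretches an entropy source through RC4.

    entropy:      callable returning the next seed (a real system would draw
                  on its kernel entropy pool; the demo passes a seeded PRNG)
    reseed_after: bytes emitted before the next call to entropy()
    drop:         keystream bytes discarded after every (re)seed, i.e.
                  RC4-drop[n]; 0 exposes the raw keystream
    """

    def __init__(self, entropy, reseed_after: int = 1024, drop: int = 0):
        self.entropy = entropy
        self.reseed_after = reseed_after
        self.drop = drop
        self._stir()

    def _stir(self) -> None:
        self.rc4 = RC4(self.entropy())
        for _ in range(self.drop):
            self.rc4.byte()
        self.remaining = self.reseed_after

    def read(self, n: int) -> bytes:
        out = bytearray()
        for _ in range(n):
            if self.remaining == 0:
                self._stir()
            out.append(self.rc4.byte())
            self.remaining -= 1
        return bytes(out)


def second_byte_zero_rate(n_keys: int, drop: int, seed: int = 1) -> float:
    """Mantin-Shamir test: fraction of fresh keys whose second keystream byte
    is 0.  Ideal random output gives about 1/256; raw RC4 gives about 2/256.
    reseed_after=2 means the observer sees exactly the first two bytes after
    every reseed, the alignment that exposes the bias."""
    rng = random.Random(seed)  # constructed, deterministic key source for the demo

    def entropy() -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(16))

    stream = Stretcher(entropy, reseed_after=2, drop=drop).read(2 * n_keys)
    zeros = sum(1 for k in range(n_keys) if stream[2 * k + 1] == 0)
    return zeros / n_keys


if __name__ == "__main__":
    for drop in (0, 256):
        rate = second_byte_zero_rate(20000, drop)
        print(f"drop={drop:3d}: P(Z2 = 0) ~ {rate * 256:.2f}/256")
```

With drop=0 the rate comes out near 2/256; with drop=256 it falls back to about 1/256. The practical reading is that a reseed is a fresh key, so every reseed hands an observer who sees the bytes right after it another sample for this distinguisher unless the first bytes after each stir are discarded; reseeding more often without dropping makes that observer's job easier, not harder.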
