Discard first 256 bytes of keystream, as per recommendation in

"Weaknesses in the Key Scheduling Algorithm of RC4", Fluhrer, Mantin and
Shamir. ok itojun@

src/lib/libc/crypt/arc4random.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random.c,v 1.9 2003/08/16 19:07:40 tedu Exp $	*/
+/*	$OpenBSD: arc4random.c,v 1.10 2003/11/26 21:40:08 djm Exp $	*/
 
 /*
  * Arc4 random number generator for OpenBSD.
@@ -48,6 +48,8 @@ static int rs_initialized;
 static struct arc4_stream rs;
 static pid_t arc4_stir_pid;
 
+static inline u_int8_t arc4_getbyte(struct arc4_stream *);
+
 static inline void
 arc4_init(struct arc4_stream *as)
 {
@@ -98,6 +100,13 @@ arc4_stir(struct arc4_stream *as)
 
 	arc4_stir_pid = getpid();
 	arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
+
+	/*
+	 * Discard early keystream, as per recommendations in:
+	 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+	 */
+	for (i = 0; i < 256; i++)
+		(void) arc4_getbyte(as);
 }
 
 static inline u_int8_t