Diffstat (limited to 'doc/manpage.d/ipsec_prng_init.3.html')
-rw-r--r-- | doc/manpage.d/ipsec_prng_init.3.html | 204 |
1 files changed, 0 insertions, 204 deletions
diff --git a/doc/manpage.d/ipsec_prng_init.3.html b/doc/manpage.d/ipsec_prng_init.3.html deleted file mode 100644 index 27763a2bb..000000000 --- a/doc/manpage.d/ipsec_prng_init.3.html +++ /dev/null 
@@ -1,204 +0,0 @@ -Content-type: text/html - -<HTML><HEAD><TITLE>Manpage of IPSEC_PRNG</TITLE> -</HEAD><BODY> -<H1>IPSEC_PRNG</H1> -Section: C Library Functions (3)<BR>Updated: 1 April 2002<BR><A HREF="#index">Index</A> -<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> - - -<A NAME="lbAB"> </A> -<H2>NAME</H2> - -ipsec prng_init - initialize IPsec pseudorandom-number generator -<BR> - -ipsec prng_bytes - get bytes from IPsec pseudorandom-number generator -<BR> - -ipsec prng_final - close down IPsec pseudorandom-number generator -<A NAME="lbAC"> </A> -<H2>SYNOPSIS</H2> - -<B>#include <<A HREF="file:/usr/include/freeswan.h">freeswan.h</A>></B> - -<P> -<B>void prng_init(struct prng *prng,</B> - -<BR> - -<B>const unsigned char *key, size_t keylen);</B> - -<BR> - -<B>void prng_bytes(struct prng *prng, char *dst,</B> - -<BR> - -<B>size_t dstlen);</B> - -<BR> - -<B>unsigned long prng_count(struct prng *prng);</B> - -<BR> - -<B>void prng_final(struct prng *prng);</B> - -<A NAME="lbAD"> </A> -<H2>DESCRIPTION</H2> - -<I>Prng_init</I> - -initializes a crypto-quality pseudo-random-number generator from a key; -<I>prng_bytes</I> - -obtains pseudo-random bytes from it; -<I>prng_count</I> - -reports the number of bytes extracted from it to date; -<I>prng_final</I> - -closes it down. -It is the user's responsibility to initialize a PRNG before using it, -and not to use it again after it is closed down. -<P> - -<I>Prng_init</I> - -initializes, -or re-initializes, -the specified -<I>prng</I> - -from the -<I>key</I>, - -whose length is given by -<I>keylen</I>. - -The user must allocate the -<B>struct prng</B> - -pointed to by -<I>prng</I>. - -There is no particular constraint on the length of the key, -although a key longer than 256 bytes is unnecessary because -only the first 256 would be used. -Initialization requires on the order of 3000 integer operations, -independent of key length. 
-<P> - -<I>Prng_bytes</I> - -obtains -<I>dstlen</I> - -pseudo-random bytes from the PRNG and puts them in -<I>buf</I>. - -This is quite fast, -on the order of 10 integer operations per byte. -<P> - -<I>Prng_count</I> - -reports the number of bytes obtained from the PRNG -since it was (last) initialized. -<P> - -<I>Prng_final</I> - -closes down a PRNG by -zeroing its internal memory, -obliterating all trace of the state used to generate its previous output. -This requires on the order of 250 integer operations. -<P> - -The -<B><<A HREF="file:/usr/include/freeswan.h">freeswan.h</A>></B> - -header file supplies the definition of the -<B>prng</B> - -structure. -Examination of its innards is discouraged, as they may change. -<P> - -The PRNG algorithm -used by these functions is currently identical to that of RC4(TM). -This algorithm is cryptographically strong, -sufficiently unpredictable that even a hostile observer will -have difficulty determining the next byte of output from past history, -provided it is initialized from a reasonably large key composed of -highly random bytes (see -<I><A HREF="random.4.html">random</A></I>(4)). - -The usual run of software pseudo-random-number generators -(e.g. -<I><A HREF="random.3.html">random</A></I>(3)) - -are -<I>not</I> - -cryptographically strong. -<P> - -The well-known attacks against RC4(TM), -e.g. as found in 802.11b's WEP encryption system, -apply only if multiple PRNGs are initialized with closely-related keys -(e.g., using a counter appended to a base key). -If such keys are used, the first few hundred pseudo-random bytes -from each PRNG should be discarded, -to give the PRNGs a chance to randomize their innards properly. -No useful attacks are known if the key is well randomized to begin with. -<A NAME="lbAE"> </A> -<H2>SEE ALSO</H2> - -<A HREF="random.3.html">random</A>(3), <A HREF="random.4.html">random</A>(4) -<BR> - -Bruce Schneier, -<I>Applied Cryptography</I>, 2nd ed., 1996, ISBN 0-471-11709-9, -pp. 397-8. 
-<A NAME="lbAF"> </A> -<H2>HISTORY</H2> - -Written for the FreeS/WAN project by Henry Spencer. -<A NAME="lbAG"> </A> -<H2>BUGS</H2> - -If an attempt is made to obtain more than 4e9 bytes -between initializations, -the PRNG will continue to work but -<I>prng_count</I>'s - -output will stick at -<B>4000000000</B>. - -Fixing this would require a longer integer type and does -not seem worth the trouble, -since you should probably re-initialize before then anyway... -<P> - -``RC4'' is a trademark of RSA Data Security, Inc. -<P> - -<HR> -<A NAME="index"> </A><H2>Index</H2> -<DL> -<DT><A HREF="#lbAB">NAME</A><DD> -<DT><A HREF="#lbAC">SYNOPSIS</A><DD> -<DT><A HREF="#lbAD">DESCRIPTION</A><DD> -<DT><A HREF="#lbAE">SEE ALSO</A><DD> -<DT><A HREF="#lbAF">HISTORY</A><DD> -<DT><A HREF="#lbAG">BUGS</A><DD> -</DL> -<HR> -This document was created by -<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, -using the manual pages.<BR> -Time: 21:40:18 GMT, November 11, 2003 -</BODY> -</HTML> |
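Review bot: The deleted DESCRIPTION and BUGS text documents two caveats that callers of prng_init need, and nothing in this diff shows where they remain available. The first is the instruction to discard the first few hundred bytes when PRNGs are initialized with closely-related keys, together with the statement that the algorithm is currently identical to RC4. The second is that prng_count's output sticks at 4000000000. The "created by man2html" footer suggests this file is generated output, but the diffstat is limited to this one path, so please state in the commit message whether the roff source of the page is kept or whether prng_init, prng_bytes, prng_count and prng_final are being removed as well. If the source page stays, it is worth fixing there the mismatch between the synopsis parameter "dst" and the description, which says prng_bytes puts the bytes in "buf".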