After a bit of work on TCP sequence numbers, and generating initial
sequence numbers which are difficult to predict, I have put some
code together, which I believe makes the way in which FreeBSD
generates initial send sequence numbers more secure.

Problems with our existing scheme are that we are using a PRNG, which
is seeded to start from zero, and thus we are open to attack, since the
PRNG is statistically, but not cryptographically, random.
At the moment, my code still uses random() from libkern, but there
are some sources of entropy in the way random() is reseeded on a regular
basis, using values like the microseconds of the system clock, the
current tcp_iss value, and the tcp endpoints of the last tcp connection.

The patch I have developed is based on RFC1948, and also takes some ideas
from the way in which Linux calculates TCP ISS values.  However, unlike
Linux, I am keeping the code true to RFC793's requirement for a
"fictitious" 250kHz clock.  Instead of using a cut-down MD4 transform
(which is what Linux does), I have used a cut-down MD5 transform, with
round 4 removed.  As with the Linux code, I am using 9 32-bit words of
random secret, which is rekeyed every 5 minutes.
The remainder of the sequence number generation is based on our existing
code.

I have placed the diff in

http://www.freebsd.org/~csgr/tcp_sequence.diff

The diff was taken against -current as at approximately 0600 GMT
1 September 1999.

Testing and comments would be appreciated.

Once Mark has completed his work in devrandom, I will rather use
devrandom as a source of randomness.

(The code still needs a little tidying.)

Geoff.
-- 
Geoff Rehmet, The Internet Solution - Infrastructure 
tel: +27-11-283-5462, fax: +27-11-283-5401 mobile: +27-83-292-5800
email: [EMAIL PROTECTED] 
URL: http://www.is.co.za 
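The scheme the mail describes (RFC 1948's ISS = M + F(local address, local port, remote address, remote port, secret), with M being RFC 793's 250kHz fictitious clock and F a keyed, cut-down MD5) in working form, as an added example that is not Geoff's patch and not FreeBSD code. The block layout of the hash input, the XOR fold of the four MD5 state words into one, the struct and function names, and the constructed secret are all this example's own assumptions; the round constants and shifts are those of MD5 rounds 1 to 3, with round 4 left out as the mail says. The caller supplies the fresh 9-word secret on rekey, standing in for the kernel's randomness source.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical RFC 1948-style ISS generator (added example, not the patch). */

#define ISS_SECRET_WORDS       9
#define ISS_REKEY_US           (5ULL * 60ULL * 1000000ULL)  /* rekey every 5 minutes */
#define ISS_CLOCK_US_PER_TICK  4                             /* RFC 793: 250 kHz clock */

struct iss_state {
    uint32_t secret[ISS_SECRET_WORDS];  /* random secret mixed into every hash */
    uint64_t last_rekey_us;             /* when the secret was last replaced   */
};

static uint32_t rol32(uint32_t x, int s) { return (x << s) | (x >> (32 - s)); }

/* MD5 round constants K[0..47]: the first three of MD5's four rounds. */
static const uint32_t md5_k[48] = {
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
};
static const int md5_s[3][4] = { {7, 12, 17, 22}, {5, 9, 14, 20}, {4, 11, 16, 23} };

/* MD5 compression with round 4 removed, over one 16-word block, folded to a
 * single word (the fold is this example's choice).  Not a collision-resistant
 * hash; it only has to be hard to invert for an attacker who sees a few
 * outputs, which is all RFC 1948 asks of F. */
static uint32_t md5_3rounds(const uint32_t m[16])
{
    uint32_t a = 0x67452301, b = 0xefcdab89, c = 0x98badcfe, d = 0x10325476;
    int i;
    for (i = 0; i < 48; i++) {
        int r = i / 16, g;
        uint32_t f, t;
        if (r == 0)      { f = (b & c) | (~b & d); g = i; }                 /* round 1 */
        else if (r == 1) { f = (b & d) | (c & ~d); g = (5 * i + 1) & 15; }  /* round 2 */
        else             { f = b ^ c ^ d;          g = (3 * i + 5) & 15; }  /* round 3 */
        t = d; d = c; c = b;
        b += rol32(a + f + md5_k[i] + m[g], md5_s[r][i & 3]);
        a = t;
    }
    return (a + 0x67452301) ^ (b + 0xefcdab89) ^ (c + 0x98badcfe) ^ (d + 0x10325476);
}

/* F(localhost, localport, remotehost, remoteport, secret) from RFC 1948.
 * Block layout (assumed): words 0..2 = 4-tuple, words 3..11 = secret, rest 0. */
uint32_t iss_hash(const struct iss_state *st, uint32_t laddr, uint32_t faddr,
                  uint16_t lport, uint16_t fport)
{
    uint32_t m[16];
    memset(m, 0, sizeof m);
    m[0] = laddr;
    m[1] = faddr;
    m[2] = ((uint32_t)lport << 16) | fport;
    memcpy(&m[3], st->secret, sizeof st->secret);
    return md5_3rounds(m);
}

/* Caller supplies fresh randomness (in a kernel: /dev/random or similar). */
void tcp_iss_rekey(struct iss_state *st, const uint32_t secret[ISS_SECRET_WORDS],
                   uint64_t now_us)
{
    memcpy(st->secret, secret, sizeof st->secret);
    st->last_rekey_us = now_us;
}

int tcp_iss_needs_rekey(const struct iss_state *st, uint64_t now_us)
{
    return now_us - st->last_rekey_us >= ISS_REKEY_US;
}

/* ISS = M + F(...): M is RFC 793's 250 kHz clock (one tick per 4 us),
 * F is the keyed hash, so each 4-tuple gets its own unpredictable offset. */
uint32_t tcp_iss_new(const struct iss_state *st, uint32_t laddr, uint32_t faddr,
                     uint16_t lport, uint16_t fport, uint64_t now_us)
{
    uint32_t m = (uint32_t)(now_us / ISS_CLOCK_US_PER_TICK);
    return m + iss_hash(st, laddr, faddr, lport, fport);
}

int main(void)
{
    /* Constructed secret for the demo; a kernel would draw it from its RNG. */
    static const uint32_t secret[ISS_SECRET_WORDS] = {
        0x1f2e3d4c, 0x5b6a7988, 0x97a6b5c4, 0xd3e2f100, 0x0f1e2d3c,
        0x4b5a6978, 0x8796a5b4, 0xc3d2e1f0, 0xdeadbeef };
    struct iss_state st;
    tcp_iss_rekey(&st, secret, 0);
    printf("ISS %08x for 10.0.0.1:12345 -> 10.0.0.2:80\n",
           tcp_iss_new(&st, 0x0a000001, 0x0a000002, 12345, 80, 1000000));
    printf("ISS %08x for 10.0.0.1:12346 -> 10.0.0.2:80\n",
           tcp_iss_new(&st, 0x0a000001, 0x0a000002, 12346, 80, 1000000));
    return 0;
}
```

Two properties are worth checking against such code: for a fixed 4-tuple and secret the ISS still advances exactly with the 250kHz clock (4 ms later it is 1000 higher), which is what keeps RFC 793's old-duplicate protection; and changing only the port, or rekeying, changes the value, which is what stops an attacker from using the ISS of his own connection to guess the ISS handed to a spoofed one. The price of the 5-minute rekey, as RFC 1948 notes, is that the ISS for one 4-tuple jumps discontinuously at each rekey.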

