On Wed, 1 Sep 1999, Geoff Rehmet wrote:
> After a bit of work on TCP sequence numbers, and generating initial
> sequence numbers which are difficult to predict, I have put some
> code together, which I belive makes the way in which FreeBSD
> generates initial send sequence numbers more secure.
How do OpenBSD do it?
> The patch I have developed is based on RFC1948, and also takes some ideas
> from the way in which Linux calculates TCP ISS values. However, unlike
> Linux, I am keeping the code true to RFC793's requirement for a
> "fictitious" 250kHz clock. Instead of uising a cut-down MD4 transform,
> (which is what Linux does), I have used a cut-down MD5 transform, with
> round 4 removed.
Just curious whether you have a reference for doing this or whether it was
an ad-hoc change. Playing with cryptographic algorithms isn't usually a
good idea unless you're sure, as I'm sure you know.
> As with the Linux code, I am using 9 32-bit words of
> random secret, which is rekeyed every 5 minutes.
> The remainder of the sequence number generation is based on our existing
> code.
>
> I have placed the diff in
>
> http://www.freebsd.org/~csgr/tcp_sequence.diff
>
> The diff was taken against -current as at approximately 0600 GMT
> 1 September 1999.
>
> testing, comments would be appreciated.
>
> Once Mark has completed his work in devrandom, I will rather use
> devrandom as a source of randomness.
I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
PRNG - it's a more conservative design and uses primitives like SHA-1 (for
yarrow-160). I don't know how much of an impact this would be for
network performance.
Kris
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
