Hi,

On 2022-4-6, at 5:05, Daniel Migault <[email protected]> wrote:
> Section 2. , paragraph 6, comment:
> > [RFC4303] does not require the SPI to be randomly generated over 32
> > bits. However, this is the recommended way to generate SPIs as it
> > provides some privacy benefits and avoids, for example, correlation
> > between ESP communications. To randomly generate a 32 bit SPI, the
> > node generates a random 32 bit value and checks it does not fall in
> > the 0-255 range. If the SPI has an acceptable value, it is used to
> > index the inbound session, otherwise the SPI is re-generated until an
> > acceptable value is found.
>
> Wouldn't it be simpler to compute a 24-bit random value and left-shift it by
> eight? Or left-shift the 32-bit value; both remove the need to check.
>
> I think the situation we want to avoid is to have the 24 right most bits to
> be set to zero. With a random 32 bit value, the probability to have a
> rejected value is 2**8 / 2**32. If you take a 24 bit value that you
> left-shift by eight that probability becomes 2**8/2**24. If you take a 32 bit
> value you left shift by eight that probability becomes 2**16/2**32. Unless
> I am missing something, we cannot avoid the check.

Nowhere in the text does it say that avoiding that the 24 rightmost bits be zero is a goal? (And don't you mean leftmost?) It talks about avoiding values between 0-255, which you could do by shifting a value >0 or by clearing the bottom eight bits (for a value >255).

Thanks,
Lars
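The three ways of keeping an SPI out of the 0-255 range that this thread discusses, side by side, as an added example that is not part of any message or of the draft. The `rng32_fn` hook, the replay source and all function names are assumptions made for illustration; a real node would pass its own CSPRNG.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SPI_RESERVED_MAX 255u             /* SPIs 0-255 must not be used */
typedef uint32_t (*rng32_fn)(void *ctx);  /* hypothetical RNG hook */
typedef uint32_t (*spi_gen_fn)(rng32_fn rng, void *ctx);

/* Quoted draft text: draw 32 bits, redraw while the value is in 0-255. */
uint32_t spi_reject(rng32_fn rng, void *ctx) {
    uint32_t spi;
    do { spi = rng(ctx); } while (spi <= SPI_RESERVED_MAX);
    return spi;
}

/* Shift a 24-bit value > 0 left by eight: the result is always >= 256. */
uint32_t spi_shift24(rng32_fn rng, void *ctx) {
    uint32_t v;
    do { v = rng(ctx) & 0x00FFFFFFu; } while (v == 0);
    return v << 8;
}

/* Clear the bottom eight bits of a value > 255: the result is always >= 256. */
uint32_t spi_clear_low8(rng32_fn rng, void *ctx) {
    uint32_t v;
    do { v = rng(ctx); } while (v <= SPI_RESERVED_MAX);
    return v & 0xFFFFFF00u;
}

/* Constructed replay source standing in for the node's CSPRNG. */
struct replay { const uint32_t *vals; size_t n, pos; };
static uint32_t replay_next(void *ctx) {
    struct replay *r = ctx;
    return r->vals[r->pos++ % r->n];
}
uint32_t run_on(spi_gen_fn gen, const uint32_t *vals, size_t n) {
    struct replay r = { vals, n, 0 };
    return gen(replay_next, &r);
}

/* Constructed draws: zero, a value whose low 24 bits are zero,
 * a value in the reserved range, and an ordinary value. */
const uint32_t SEQ[] = { 0x00000000u, 0xAB000000u, 0x000000FFu, 0x12345678u };

int main(void) {
    printf("reject     0x%08X\n", (unsigned)run_on(spi_reject, SEQ, 4));
    printf("shift24    0x%08X\n", (unsigned)run_on(spi_shift24, SEQ, 4));
    printf("clear_low8 0x%08X\n", (unsigned)run_on(spi_clear_low8, SEQ, 4));
    return 0;
}
```

The shift and clear variants always leave the low eight bits of the SPI at zero, so only 24 of its 32 bits are random.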
