You saw the official status. Increased public attention rarely changes a technical opinion around here.
Reading the bugtraq link indicates that in other OSes, the default sysctl disables the PRNG, resulting in a sequential IP ID counter. Anyone with half a brain can see that sequential is infinitely worse than a weak PRNG. I didn't look up the others, but FreeBSD CVS indicates that their fixed PRNG is still not enabled by default. How's that for security? Also, I thought BIND 9 had its own PRNG flaws, which is what prompted OpenBSD to provide their own in the first place. What algorithm is BIND 9 currently using? At any rate, OpenBSD developers likely believe (or know from firsthand experience) that there are already satisfactory measures that can be taken by concerned admins to secure DNS or other traffic. If superior methods are already available and improving this PRNG has minimal overall benefit, it is therefore uninteresting and of low priority. Note that this does not preclude it from ever being fixed. If you are that concerned about the issue, you are certainly welcome to patch and compile it yourself. IIRC, the fields affected by this PRNG flaw were originally intended to be sequential counters, and therefore must be monotonic. Simply swapping in a "more random" PRNG doesn't necessarily come without repercussions. OpenBSD developers may be waiting for real-world evidence or independent research indicating that the new PRNG causes a minimum of compatibility problems, is cryptographically better than the old one, and has suitable performance characteristics. Just my unsolicited take on the situation... --david On Feb 10, 2008 1:41 PM, <[EMAIL PROTECTED]> wrote: > I would like to get the point of the developers related to the PRNG issue > wich was discovered last year. > > Back then OpenBSD developers said OpenBSD is not affected but now I read a > Slashdot-Article wich links to informations wich say the total opposite. > > http://it.slashdot.org/it/08/02/10/0136236.shtml > leads to: > http://readlist.com/lists/securityfocus.com/bugtraq/4/22004.html > > So could somebody finaly tell me what's the status about it? > And please no "oBSD rocks" or "OpenBSD sucks" or "We're l33t and > unbreakable ubercoders" talks. I think the informations provided are > pretty "omg" and bad PR too :-/ > > "OpenBSD's coordinator stated, in an email, that OpenBSD is completely > uninterested in the problem and that the problem is completely irrelevant > in the real world." > > So I would be happy about a technical explantation why so many (even BSD > projects) think it's a problem but OpenBSD does not. > > Another "omg" comment: > > > "Interestingly enough, OpenBSD uses a flavor of this PRNG for > another field, this time the IP fragmentation ID, part of the > OpenBSD kernel network stack. The analysis carries out quite > similarly to show that OpenBSD's IP ID is predictable as well, > which gives way to O/S fingerprinting, idle-scanning, host alias > detection, traffic analysis, and in some cases, even to TCP blind > data injection." > > That doesn't sound like "Theory" but like a PoC wich lays arround > somewhere.... > > Sebastian > > p.s. > I hate registrations (even if I may have used fake data) so: > http://www.trusteer.com/docs/DNS_Poisoning_paper.pdf
