* Amarendra Godbole <[EMAIL PROTECTED]> [2008-03-14 08:37:18]:

> DeepSight alert services (Symantec) notified me that OpenBSD has also
> fixed the DNS cache poisoning and predictable IP ID weakness. I also
> see PRNG related changes to 4.3. If my memory serves me right, my
> impression was this was not an issue that bothered OBSD much, and as
> such the developers had decided they won't (?) fix it. I would
> appreciate to get an insight as to why this change in decision took
> place (yeah, I am also okay if I get an answer like "some dev had some
> time at hand". :))
>
> My intention is not to question as to why this was fixed, but as to
> why a change in decision from "not fix -> fix". Thanks.
>
> -Amarendra
>

16 bits for a pseudo-random field that has a few constraints on it is
pretty bad. That's why anybody would be reluctant to work out some new
algorithm, because the problem is not in the algorithm, but in the
implementations that need it. You'll probably see this problem crop up
over and over and over.

I believe what was changed in the Open tree came from / was inspired by
DragonFly.

--
Travers Buda
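
Added example, not part of the thread and not OpenBSD's or DragonFly's code: a 16-bit ID generator under one constraint commonly placed on such fields, that a value must not be reissued too soon. The 32768-call window, the function names and the xorshift32 stand-in for a kernel CSPRNG are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ID_SPACE  65536u
#define NO_REPEAT 32768u            /* assumed window: calls before an ID may recur */

static uint16_t slots[ID_SPACE];
static uint32_t cursor, ready;
static uint32_t prng = 0x2545F491u; /* constructed seed */

/* Stand-in for a kernel CSPRNG (assumption). xorshift32 is NOT secure. */
static uint32_t rnd(void) {
    prng ^= prng << 13; prng ^= prng >> 17; prng ^= prng << 5;
    return prng;
}

/* Issue a 16-bit ID that cannot recur within the next NO_REPEAT calls. */
uint16_t next_id(void) {
    if (!ready) {                   /* inside-out Fisher-Yates over all values */
        for (uint32_t i = 0; i < ID_SPACE; i++) {
            uint32_t j = rnd() % (i + 1);   /* modulo bias ignored here */
            slots[i] = slots[j];
            slots[j] = (uint16_t)i;
        }
        ready = 1;
    }
    uint32_t i = cursor++ & 0xFFFF;
    /* Park the issued value at most NO_REPEAT-1 slots behind the cursor,
     * so it is only reached again after the cursor has wrapped around. */
    uint32_t j = (i - rnd() % NO_REPEAT) & 0xFFFF;
    uint16_t id = slots[i];
    slots[i] = slots[j];
    slots[j] = id;
    return id;
}

/* Smallest number of calls between two issues of the same ID, over n calls. */
uint32_t min_repeat_gap(uint32_t n) {
    static uint32_t last[ID_SPACE]; /* call number of last issue, 0 = never */
    uint32_t best = UINT32_MAX;
    memset(last, 0, sizeof last);
    for (uint32_t t = 1; t <= n; t++) {
        uint16_t id = next_id();
        if (last[id] && t - last[id] < best) best = t - last[id];
        last[id] = t;
    }
    return best;
}

int main(void) { printf("min gap: %u\n", (unsigned)min_repeat_gap(300000)); return 0; }
```

Because the last 32768 values issued are all distinct, anyone who has seen that window knows the next ID is one of the other 32768, so under this assumed constraint a 16-bit field carries 15 bits of unpredictability.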