RE: TCP sequence numbers
On Thu, 2 Sep 1999, Geoff Rehmet wrote:

> > I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> > PRNG - it's a more conservative design and uses primitives like SHA-1
> > (for yarrow-160). I don't know how much of an impact this would be for
> > network performance.
>
> If it is only used to generate a secret every 5 minutes, that should not
> be a problem.

Hrm. RFC 1948 seems to warn against changing the secret while "live". It's
not immediately obvious to me why this is so.

Kris

To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
RE: TCP sequence numbers
On Thu, 2 Sep 1999, Geoff Rehmet wrote:

> > How do OpenBSD do it?
>
> They use arc4random(), to add a random increment.

And you do ISN = C + f(state)

where C is a 250KHz counter and f is your cut-down MD5?

And state = {random secret, src addr, src port, dst addr, dst port, ?}

I haven't had time to read through the patch yet, I'm sorry.

> > Just curious whether you have a reference for doing this or
> > whether it was an ad-hoc change. Playing with cryptographic
> > algorithms isn't usually a good idea unless you're sure, as I'm
> > sure you know.
>
> Yup - dead right. The requirements in this instance are however
> also slightly different to what you normally use a cryptographic
> hash for. I want to let the code be picked at a bit before
> it goes into the tree though.

What speed difference is there between MD5 and your cut-down version? Have
you benchmarked performance differences in general? I'm also still curious
about your rationale/references for modifying MD5 in that way.

The other comment I have is that this should probably be hidden behind a
sysctl for configurability and to appease folks who might not like it.

> > I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> > PRNG - it's a more conservative design and uses primitives like SHA-1
> > (for yarrow-160). I don't know how much of an impact this would be for
> > network performance.
>
> If it is only used to generate a secret every 5 minutes, that should
> not be a problem.

Sounds reasonable.

Kris
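The ISN = C + f(state) construction discussed in the two messages above, as an added example that is not part of the thread or of the patch under review. It assumes full MD5 from Python's hashlib instead of the cut-down transform, and the function names, secrets and addresses are constructed. It shows that with a fixed secret one 4-tuple's ISN advances exactly with the 250 kHz clock, while after a rekey the same 4-tuple can receive an ISN behind the one it used before.

```python
import hashlib
import socket
import struct

CLOCK_HZ = 250_000          # RFC 793 "fictitious" clock, one tick per 4 us
MASK = 0xFFFFFFFF

def make_secret(label):
    """Constructed 36-byte secret (9 32-bit words, as in the thread)."""
    return hashlib.sha512(label.encode()).digest()[:36]

def isn(secret, src, sport, dst, dport, now_s):
    """ISN = C + f(state) mod 2**32; f is the first 32 bits of MD5(state)."""
    state = (secret + socket.inet_aton(src) + struct.pack("!H", sport)
             + socket.inet_aton(dst) + struct.pack("!H", dport))
    offset = struct.unpack("!I", hashlib.md5(state).digest()[:4])[0]
    return (int(now_s * CLOCK_HZ) + offset) & MASK

def seq_delta(new, old):
    """Signed 32-bit sequence distance; negative means new is behind old."""
    return ((new - old + 0x80000000) & MASK) - 0x80000000

# Constructed 4-tuple using documentation address ranges.
CONN = ("192.0.2.10", 40000, "198.51.100.7", 80)

def step_same_secret(dt_s, t0=1000):
    """ISN movement for one 4-tuple over dt_s seconds, secret unchanged."""
    s = make_secret("epoch-0")
    return seq_delta(isn(s, *CONN, t0 + dt_s), isn(s, *CONN, t0))

def regressions_after_rekey(trials=1000, dt_s=1, t0=1000):
    """Count rekeys after which the same 4-tuple gets an ISN behind the old one."""
    old = isn(make_secret("epoch-0"), *CONN, t0)
    count = 0
    for i in range(1, trials + 1):
        new = isn(make_secret(f"epoch-{i}"), *CONN, t0 + dt_s)
        if seq_delta(new, old) < 0:
            count += 1
    return count

if __name__ == "__main__":
    print("same secret, 1 s later:", step_same_secret(1))
    print("backward steps in 1000 rekeys:", regressions_after_rekey())
```

Roughly half of the simulated rekeys move the ISN backwards for a reused 4-tuple, which is the situation where a reincarnated connection can collide with segments still in flight from its predecessor.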
RE: TCP sequence numbers
> How do OpenBSD do it?

They use arc4random(), to add a random increment.

> Just curious whether you have a reference for doing this or whether it was
> an ad-hoc change. Playing with cryptographic algorithms isn't usually a
> good idea unless you're sure, as I'm sure you know.

Yup - dead right. The requirements in this instance are however
also slightly different to what you normally use a cryptographic
hash for. I want to let the code be picked at a bit before
it goes into the tree though.

> I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> PRNG - it's a more conservative design and uses primitives like SHA-1 (for
> yarrow-160). I don't know how much of an impact this would be for
> network performance.

If it is only used to generate a secret every 5 minutes, that should
not be a problem.
Re: TCP sequence numbers
> I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> PRNG - it's a more conservative design and uses primitives like SHA-1 (for
> yarrow-160). I don't know how much of an impact this would be for
> network performance.

I will be doing Yarrow-1.0A, once the IPSec stuff is around. I expect to be
able to tweak it so that this is not too heavy, and customisable.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
Re: TCP sequence numbers
On Wed, 1 Sep 1999, Geoff Rehmet wrote:

> After a bit of work on TCP sequence numbers, and generating initial
> sequence numbers which are difficult to predict, I have put some
> code together, which I believe makes the way in which FreeBSD
> generates initial send sequence numbers more secure.

How do OpenBSD do it?

> The patch I have developed is based on RFC1948, and also takes some ideas
> from the way in which Linux calculates TCP ISS values. However, unlike
> Linux, I am keeping the code true to RFC793's requirement for a
> "fictitious" 250kHz clock. Instead of using a cut-down MD4 transform,
> (which is what Linux does), I have used a cut-down MD5 transform, with
> round 4 removed.

Just curious whether you have a reference for doing this or whether it was
an ad-hoc change. Playing with cryptographic algorithms isn't usually a
good idea unless you're sure, as I'm sure you know.

> As with the Linux code, I am using 9 32-bit words of
> random secret, which is rekeyed every 5 minutes.
> The remainder of the sequence number generation is based on our existing
> code.
>
> I have placed the diff in
>
> http://www.freebsd.org/~csgr/tcp_sequence.diff
>
> The diff was taken against -current as at approximately 0600 GMT
> 1 September 1999.
>
> testing, comments would be appreciated.
>
> Once Mark has completed his work in devrandom, I will rather use
> devrandom as a source of randomness.

I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
PRNG - it's a more conservative design and uses primitives like SHA-1 (for
yarrow-160). I don't know how much of an impact this would be for
network performance.

Kris