You saw the official status. Increased public attention rarely
changes a technical opinion around here.
Reading the bugtraq link indicates that in other OSes, the default
sysctl disables the PRNG, resulting in a sequential IP ID counter.
Anyone with half a brain can see that sequential is infinitely worse
than a weak PRNG. I didn't look up the others, but FreeBSD CVS
indicates that their fixed PRNG is still not enabled by default.
How's that for security?
Also, I thought BIND 9 had its own PRNG flaws, which is what prompted
OpenBSD to provide their own in the first place. What algorithm is
BIND 9 currently using?
At any rate, OpenBSD developers likely believe (or know from firsthand
experience) that there are already satisfactory measures that can be
taken by concerned admins to secure DNS or other traffic. If superior
methods are already available and improving this PRNG has minimal
overall benefit, it is therefore uninteresting and of low priority.
Note that this does not preclude it from ever being fixed. If you are
that concerned about the issue, you are certainly welcome to patch and
compile it yourself.
IIRC, the fields affected by this PRNG flaw were originally intended
to be sequential counters, and therefore must be monotonic. Simply
swapping in a "more random" PRNG doesn't necessarily come without
repercussions. OpenBSD developers may be waiting for real-world
evidence or independent research indicating that the new PRNG causes a
minimum of compatibility problems, is cryptographically better than
the old one, and has suitable performance characteristics.
Just my unsolicited take on the situation...
--david
On Feb 10, 2008 1:41 PM, <[EMAIL PROTECTED]> wrote:
> I would like to get the point of the developers related to the PRNG issue
> wich was discovered last year.
>
> Back then OpenBSD developers said OpenBSD is not affected but now I read a
> Slashdot-Article wich links to informations wich say the total opposite.
>
> http://it.slashdot.org/it/08/02/10/0136236.shtml
> leads to:
> http://readlist.com/lists/securityfocus.com/bugtraq/4/22004.html
>
> So could somebody finaly tell me what's the status about it?
> And please no "oBSD rocks" or "OpenBSD sucks" or "We're l33t and
> unbreakable ubercoders" talks. I think the informations provided are
> pretty "omg" and bad PR too :-/
>
> "OpenBSD's coordinator stated, in an email, that OpenBSD is completely
> uninterested in the problem and that the problem is completely irrelevant
> in the real world."
>
> So I would be happy about a technical explantation why so many (even BSD
> projects) think it's a problem but OpenBSD does not.
>
> Another "omg" comment:
>
>
> "Interestingly enough, OpenBSD uses a flavor of this PRNG for
> another field, this time the IP fragmentation ID, part of the
> OpenBSD kernel network stack. The analysis carries out quite
> similarly to show that OpenBSD's IP ID is predictable as well,
> which gives way to O/S fingerprinting, idle-scanning, host alias
> detection, traffic analysis, and in some cases, even to TCP blind
> data injection."
>
> That doesn't sound like "Theory" but like a PoC wich lays arround
> somewhere
>
> Sebastian
>
> p.s.
> I hate registrations (even if I may have used fake data) so:
> http://www.trusteer.com/docs/DNS_Poisoning_paper.pdf
