RE: TCP sequence numbers

1999-09-07 Thread Kris Kennaway
On Thu, 2 Sep 1999, Geoff Rehmet wrote:
> > I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> > PRNG - it's a more conservative design and uses primitives like SHA-1 (for
> > yarrow-160). I don't know how much of an impact this would be for
> > network performance.

RE: TCP sequence numbers

1999-09-07 Thread Kris Kennaway
On Thu, 2 Sep 1999, Geoff Rehmet wrote:
> > How do OpenBSD do it?
>
> They use arc4random(), to add a random increment.

And you do ISN = C + f(state) where C is a 250KHz counter and f is your cut-down MD5? And state = {random secret, src addr, src port, dst addr, dst port, ?} I haven't had time


RE: TCP sequence numbers

1999-09-01 Thread Geoff Rehmet
> How do OpenBSD do it?

They use arc4random(), to add a random increment.

> Just curious whether you have a reference for doing this or
> whether it was an ad-hoc change. Playing with cryptographic algorithms isn't
> usually a good idea unless you're sure, as I'm sure you know.

Yup - dead


Re: TCP sequence numbers

1999-09-01 Thread Mark Murray
> I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> PRNG - it's a more conservative design and uses primitives like SHA-1 (for
> yarrow-160). I don't know how much of an impact this would be for
> network performance.

I will be doing Yarrow-1.0A, once the IPSec stuff is around.

Re: TCP sequence numbers

1999-09-01 Thread Kris Kennaway
On Wed, 1 Sep 1999, Geoff Rehmet wrote:
> After a bit of work on TCP sequence numbers, and generating initial
> sequence numbers which are difficult to predict, I have put some
> code together, which I believe makes the way in which FreeBSD
> generates initial send sequence numbers more secure.

Ho
