https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239724
--- Comment #3 from Conrad Meyer <c...@freebsd.org> ---
So the random data in this case is being used as a one-time pad in a message to
ourself to provide privacy. The OTP is subject to forgery.
Since we're talking to ourselves, we have other options.
We could put a MAC on it to prevent forgery. Then we just have classic AEAD or
EtM on the payload data ("now").
Or we could just keep a local association of random tokens to send times in the
program (any map data structure), and just send the tokens and look up echo
time on response.
The latter requires some modest memory use that doesn't seem to matter in
typical ping use ("-i 1"). The former doesn't require the additional memory
use.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
