On Thu, 2 Sep 1999, Geoff Rehmet wrote:
> > I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> > PRNG - it's a more conservative design and uses primitives like SHA-1 (for
> > yarrow-160). I don't know how much of an impact this would be for
> > network performance.
>
>
On Thu, 2 Sep 1999, Geoff Rehmet wrote:
> > How do OpenBSD do it?
>
> They use arc4random(), to add a random increment.
And you do ISN = C + f(state) where C is a 250KHz counter and f is your
cut-down MD5? And state = {random secret, src addr, src port, dst addr,
dst port, ?}
I haven't had time
> How do OpenBSD do it?
They use arc4random(), to add a random increment.
> Just curious whether you have a reference for doing this or whether it was
> an ad-hoc change. Playing with cryptographic algorithms isn't usually a
> good idea unless you're sure, as I'm sure you know.
Yup - dead
> I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> PRNG - it's a more conservative design and uses primitives like SHA-1 (for
> yarrow-160). I don't know how much of an impact this would be for
> network performance.
I will be doing Yarrow-1.0A, once the IPSec stuff is around.
On Wed, 1 Sep 1999, Geoff Rehmet wrote:
> After a bit of work on TCP sequence numbers, and generating initial
> sequence numbers which are difficult to predict, I have put some
> code together, which I believe makes the way in which FreeBSD
> generates initial send sequence numbers
After a bit of work on TCP sequence numbers, and generating initial
sequence numbers which are difficult to predict, I have put some
code together, which I believe makes the way in which FreeBSD
generates initial send sequence numbers more secure.
Problems with our existing scheme are that we are
[ Geoff Rehmet ]
> Another question that comes in to this is - how good a tool is nmap
> for evaluating the predictability of the sequence numbers we generate?
Just a funny (?) aside - while playing about with nmap here a while back,
a colleague accidentally discovered that our Digital (or Compaq
> Another question that comes in to this is - how good a tool is nmap
> for evaluating the predictability of the sequence numbers we generate?
>
> Ideally, I would like to do some improvements to our sequence number
> generation.
>
> Thoughts?
What is OpenBSD like in this regard ?
AFAIR it has v
A topic that Mark and I have been discussing a little, is the
algorithms that FreeBSD uses for generating initial TCP sequence
numbers - that being with reference to the predictability of
these numbers. (Work on this has been somewhere in Mark's
todo list for a while.)
This topic raises
18 matches