From owner-freebsd-net  Thu Jul 26 10:24:25 2001
Delivered-To: freebsd-net@freebsd.org
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by hub.freebsd.org (Postfix) with ESMTP
	id BD91737B408; Thu, 26 Jul 2001 10:24:17 -0700 (PDT)
	(envelope-from tlambert2@mindspring.com)
Received: from mindspring.com (dialup-209.245.129.59.Dial1.SanJose1.Level3.net [209.245.129.59])
	by falcon.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id KAA16960;
	Thu, 26 Jul 2001 10:24:02 -0700 (PDT)
Message-ID: <3B605255.EDBA1D3C@mindspring.com>
Date: Thu, 26 Jul 2001 10:24:37 -0700
From: Terry Lambert <tlambert2@mindspring.com>
Reply-To: tlambert2@mindspring.com
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Barney Wolff <barney@databus.com>
Cc: Sean Chittenden <sean-freebsd-arch@chittenden.org>,
	Mike Silbersack <silby@silby.com>, arch@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: TCP sequence numbers: RFC1948 patch ready for testing
References: <20010725032805.A21133@tp.databus.com> <20010725185434.V35719-100000@achilles.silby.com> <20010725173859.C65546@rand.tgd.net> <20010725213812.A28964@tp.databus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Barney Wolff wrote:
> Existing sessions would not be broken by rekeying.  The risk is that
> some new session might fail - and this can happen any time a new
> session with the same tuple starts shortly after an old session which
> spans the rekeying event ends.
> 
> If it becomes possible to brute-force (or smart-sneak) reverse MD5
> in less time than the life of the Universe, the right answer is to
> change the hash, not to rekey.
> 
> You guys don't seem to want to believe RFC1948:
> 
>    Note that the secret cannot easily be changed on a live machine.
>    Doing so would change the initial sequence numbers used for
>    reincarnated connections; to maintain safety, either dead connection
>    state must be kept or a quiet time observed for two maximum segment
>    lifetimes after such a change.
> 
> Have you asked Steve Bellovin <smb@research.att.com> whether he still
> stands by those words?  He's not that unapproachable, despite being
> one of the most prominent folks in computer networking and security
> around.  But he earned that reputation by being right, pretty close
> to 100% of the time.

Consider that sequence number rollover is faster than you think
on a Gigabit system.  200,000 packets a second on unoptimized
firmware is not impossible, and the theoretical maximum is closer
to 1/2 million a second...

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message