Date: Sun, 10 Jun 2001 23:37:14 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Barney Wolff <barney@databus.com> Cc: <freebsd-net@FreeBSD.ORG>, <freebsd-arch@FreeBSD.ORG> Subject: Re: New TCP sequence number generation algorithm; review needed Message-ID: <20010610231754.I841-100000@achilles.silby.com> In-Reply-To: <20010610231129.A86387@tp.databus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 10 Jun 2001, Barney Wolff wrote: > 1. It is a misnomer to refer to "shared secret" in RFC 1948. The > secret is not shared with any entity. Point taken, I should have worded that differently. I'm not sure what the correct term is, in this case. > 2. Implying that because DES can be brute-forced that MD5 can be > brute-forced is just silly. Yes, in another 100 years, if Moore's > Law continues to hold, which is unlikely. The important point to note is that we're not talking about pure MD5 here; only 32 bits of the hash is used. I'm not a cryptologist by any means, but I would imagine that the security of the hash is reduced greatly by that change. Even though the hash is probably still very strong, the idea of having a single master key (so to speak) controlling the generation of all ISNs still worries me. Well, either way, we'll see what comments this algorithm gets from those on end2end. There could be a fatal flaw I haven't seen precisely because I'm not a cryptologist. :) > Suggestion - write an internet-draft and get the end2end group > to endorse your scheme, rather than commiting FreeBSD to it. I've been asked by others to talk to end2end, and I will be doing that soon. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010610231754.I841-100000>