Date: Wed, 1 Sep 1999 08:56:40 +0200 (SAST)
From: Geoff Rehmet <geoff@hangdog.is.co.za>
To: hackers@freebsd.org
Cc: markm@iafrica.com, jlemon@freebsd.org
Subject: TCP sequence numbers
Message-ID: <199909010656.IAA04043@hangdog.is.co.za>

After a bit of work on TCP sequence numbers, and generating initial sequence numbers which are difficult to predict, I have put some code together, which I believe makes the way in which FreeBSD generates initial send sequence numbers more secure.

Problems with our existing scheme are that we are using a PRNG, which is seeded to start from zero, and thus we are open to attack, since the PRNG is statistically, but not cryptographically random.

At the moment, my code still uses random() from libkern, but there are some sources of entropy in the way random() is reseeded on a regular basis, using values like the microseconds of the system clock, the current tcp_iss value, and the tcp endpoints of the last tcp connection.

The patch I have developed is based on RFC1948, and also takes some ideas from the way in which Linux calculates TCP ISS values. However, unlike Linux, I am keeping the code true to RFC793's requirement for a "fictitious" 250kHz clock. Instead of using a cut-down MD4 transform (which is what Linux does), I have used a cut-down MD5 transform, with round 4 removed. As with the Linux code, I am using 9 32-bit words of random secret, which is rekeyed every 5 minutes. The remainder of the sequence number generation is based on our existing code.

I have placed the diff in http://www.freebsd.org/~csgr/tcp_sequence.diff

The diff was taken against -current as at approximately 0600 GMT 1 September 1999.

Testing, comments would be appreciated.

Once Mark has completed his work in devrandom, I will rather use devrandom as a source of randomness.

(The code still needs a little tidying.)

Geoff.

--
Geoff Rehmet, The Internet Solution - Infrastructure
tel: +27-11-283-5462, fax: +27-11-283-5401
mobile: +27-83-292-5800
email: geoffr@is.co.za
URL: http://www.is.co.za
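
The scheme described in the message above (RFC 1948's ISS = M + F(connection 4-tuple, secret) on a 250 kHz clock, with a 9-word secret rekeyed every 5 minutes) can be sketched as follows. This is an added example, not the code from the diff: it uses full MD5 from `hashlib` instead of the cut-down transform, and the `IssGenerator` class, its method names, the input field order and the sample addresses are assumptions made for illustration.

```python
import hashlib
import os
import socket
import struct

TICK_US = 4                      # RFC 793's 250 kHz clock: one tick every 4 microseconds
SECRET_WORDS = 9                 # nine 32-bit words of random secret (from the message)
REKEY_US = 5 * 60 * 1_000_000    # secret replaced every 5 minutes (from the message)


class IssGenerator:
    """ISS = M + F(local addr, local port, remote addr, remote port, secret)."""

    def __init__(self, now_us, entropy=os.urandom):
        self.entropy = entropy   # assumption: any callable n -> n random bytes
        self.rekey(now_us)

    def rekey(self, now_us):
        self.secret = self.entropy(4 * SECRET_WORDS)
        self.keyed_at = now_us

    def offset(self, laddr, lport, faddr, fport):
        # F(): hash of the connection 4-tuple and the secret. The field order is an
        # assumption of this sketch; full MD5 replaces the patch's cut-down transform.
        data = (socket.inet_aton(laddr) + socket.inet_aton(faddr)
                + struct.pack("!HH", lport, fport) + self.secret)
        return struct.unpack("!I", hashlib.md5(data).digest()[:4])[0]

    def iss(self, now_us, laddr, lport, faddr, fport):
        if now_us - self.keyed_at >= REKEY_US:
            self.rekey(now_us)
        m = now_us // TICK_US    # M: the clock term, shared by all connections
        return (m + self.offset(laddr, lport, faddr, fport)) & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed sample: documentation addresses, wall clock in microseconds.
    import time
    now = time.time_ns() // 1000
    gen = IssGenerator(now)
    for port in (40000, 40001):
        print(port, hex(gen.iss(now, "192.0.2.1", 80, "198.51.100.7", port)))
```

Within one key period the ISS for a given 4-tuple advances with the clock, while a peer on one connection learns nothing useful about the offset of another. A rekey changes F for every tuple, so that per-tuple monotonicity holds only between rekeys.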