Date: Tue, 7 Sep 1999 20:21:32 -0700 (PDT)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Geoff Rehmet <geoffr@is.co.za>
Cc: hackers@freebsd.org, markm@iafrica.com, jlemon@freebsd.org
Subject: RE: TCP sequence numbers
Message-ID: <Pine.BSF.4.10.9909072010150.68426-100000@hub.freebsd.org>
In-Reply-To: <E3453EC6C52ED3118E7E0090275CD47CFFB0F3@isjhbex.is.co.za>
On Thu, 2 Sep 1999, Geoff Rehmet wrote:
> > How do OpenBSD do it?
>
> They use arc4random(), to add a random increment.
And you do ISN = C + f(state) where C is a 250KHz counter and f is your
cut-down MD5? And state = {random secret, src addr, src port, dst addr,
dst port, ?}
I haven't had time to read through the patch yet, I'm sorry.
> > Just curious whether you have a reference for doing this or
> > whether it was an ad-hoc change. Playing with cryptographic
> > algorithms isn't usually a good idea unless you're sure, as I'm
> > sure you know.
>
> Yup - dead right. The requirements in this instance are however
> also slightly different to what you normally use a cryptographic
> hash for. I want to let the code be picked at a bit before
> it goes into the tree though.
What speed difference is there between MD5 and your cut-down version? Have
you benchmarked performance differences in general?
I'm also still curious about your rationale/references for modifying MD5
in that way.
The other comment I have is that this should probably be hidden behind a
sysctl for configurability and to appease folks who might not like it.
> > I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> > PRNG - it's a more conservative design and uses primitives
> > like SHA-1 (for
> > yarrow-160). I don't know how much of an impact this would be for
> > network performance.
>
> If it is only used to generate a secret every 5 minutes, that should
> not be a problem.
Sounds reasonable.
Kris
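
The scheme asked about in the message above, ISN = C + f(state), sketched as an added example; it is not part of the original e-mail or of the patch under discussion. Assumptions: full MD5 from `hashlib` is used in place of the cut-down MD5, `os.urandom` stands in for the kernel PRNG, the secret is replaced every 5 minutes as mentioned in the thread, and the class, function names and sample addresses are constructed for illustration.

```python
import hashlib
import os
import socket
import struct

COUNTER_HZ = 250_000              # the 250 kHz counter C from the message
REKEY_US = 300 * 1_000_000        # new secret every 5 minutes, as in the thread
MASK32 = 0xFFFFFFFF


class IsnGenerator:
    """Hypothetical helper: ISN = C + f(secret, src addr, src port, dst addr, dst port)."""

    def __init__(self, random_bytes=os.urandom):
        self._random_bytes = random_bytes  # assumption: stands in for the kernel PRNG
        self._secret = None
        self._born_us = 0

    def _current_secret(self, now_us):
        # Replace the secret once it is older than the rekey interval.
        if self._secret is None or now_us - self._born_us >= REKEY_US:
            self._secret = self._random_bytes(16)
            self._born_us = now_us
        return self._secret

    def offset(self, now_us, src, sport, dst, dport):
        """f(state): first 32 bits of full MD5 over secret + 4-tuple (not the cut-down MD5)."""
        state = (self._current_secret(now_us)
                 + socket.inet_aton(src) + struct.pack("!H", sport)
                 + socket.inet_aton(dst) + struct.pack("!H", dport))
        return struct.unpack("!I", hashlib.md5(state).digest()[:4])[0]

    def isn(self, now_us, src, sport, dst, dport):
        counter = (now_us * COUNTER_HZ // 1_000_000) & MASK32  # C, one tick per 4 us
        return (counter + self.offset(now_us, src, sport, dst, dport)) & MASK32


if __name__ == "__main__":
    gen = IsnGenerator()
    conn_a = ("192.0.2.10", 40000, "192.0.2.80", 80)   # constructed sample tuples
    conn_b = ("192.0.2.11", 40000, "192.0.2.80", 80)
    first = gen.isn(1_000_000, *conn_a)
    later = gen.isn(1_004_000, *conn_a)
    print("same tuple, 4 ms apart:", (later - first) & MASK32, "ticks")
    print("other tuple, same instant:", (gen.isn(1_004_000, *conn_b) - later) & MASK32)
```

Within one secret lifetime the ISNs for a given 4-tuple advance with the counter, while the offset between two different tuples depends on the secret. A rekey changes f for every tuple, so that per-tuple ordering only holds between rekeys.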
