From owner-freebsd-hackers  Tue Sep  7 20:21:34 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 13A7014EBA; Tue,  7 Sep 1999 20:21:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 05BFB1CD8BA; Tue,  7 Sep 1999 20:21:33 -0700 (PDT)
	(envelope-from kris@hub.freebsd.org)
Date: Tue, 7 Sep 1999 20:21:32 -0700 (PDT)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Geoff Rehmet <geoffr@is.co.za>
Cc: hackers@freebsd.org, markm@iafrica.com, jlemon@freebsd.org
Subject: RE: TCP sequence numbers
In-Reply-To: <E3453EC6C52ED3118E7E0090275CD47CFFB0F3@isjhbex.is.co.za>
Message-ID: <Pine.BSF.4.10.9909072010150.68426-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 2 Sep 1999, Geoff Rehmet wrote:

> > How do OpenBSD do it?
>
> They use arc4random(), to add a random increment.

And you do ISN = C + f(state) where C is a 250KHz counter and f is your
cut-down MD5? And state = {random secret, src addr, src port, dst addr,
dst port, ?}

I haven't had time to read through the patch yet, I'm sorry.

> > Just curious whether you have a reference for doing this or
> > whether it was an ad-hoc change. Playing with cryptographic
> > algorithms isn't usually a good idea unless you're sure, as I'm
> > sure you know.
>
> Yup - dead right.  The requirements in this instance are however
> also slightly different to what you normally use a cryptographic
> hash for.  I want to let the code be picked at a bit before
> it goes into the tree though.

What speed difference is there between MD5 and your cut-down version? Have
you benchmarked performance differences in general?

I'm also still curious about your rationale/references for modifying MD5
in that way.

The other comment I have is that this should probably be hidden behind a
sysctl for configurability and to appease folks who might not like it.

> > I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> > PRNG - it's a more conservative design and uses primitives 
> > like SHA-1 (for
> > yarrow-160). I don't know how much of an impact this would be for
> > network performance.
> 
> If it is only used to generate a secret every 5 minutes, that should
> not be a problem.

Sounds reasonable.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message