From owner-freebsd-net@FreeBSD.ORG  Fri Apr  5 08:49:38 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 241EB706
 for <freebsd-net@freebsd.org>; Fri,  5 Apr 2013 08:49:38 +0000 (UTC)
 (envelope-from andre@freebsd.org)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
 by mx1.freebsd.org (Postfix) with ESMTP id 8F73B911
 for <freebsd-net@freebsd.org>; Fri,  5 Apr 2013 08:49:37 +0000 (UTC)
Received: (qmail 14186 invoked from network); 5 Apr 2013 09:57:49 -0000
Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2])
 (envelope-sender <andre@freebsd.org>)
 by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
 for <kevin@your.org>; 5 Apr 2013 09:57:49 -0000
Message-ID: <515E901A.9010304@freebsd.org>
Date: Fri, 05 Apr 2013 10:49:30 +0200
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/20130307 Thunderbird/17.0.4
MIME-Version: 1.0
To: Kevin Day <kevin@your.org>
Subject: Re: Syncookies break with Windows 8
References: <CA61E725-8370-4ED2-BBA7-F6FAFF93A553@your.org>
 <510C4424.4030701@networx.ch> <E45CF5BB-39A2-45F0-B0A8-DD01D8299585@your.org>
 <510C4B17.4040509@freebsd.org>
 <3DABEC7E-78B8-49DE-9F76-0B96019E8424@your.org>
In-Reply-To: <3DABEC7E-78B8-49DE-9F76-0B96019E8424@your.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2013 08:49:38 -0000

On 04.04.2013 23:52, Kevin Day wrote:
>
> On Feb 1, 2013, at 5:09 PM, Andre Oppermann <andre@freebsd.org> wrote:
>>
>> I'm working on a solution.  Have to make sure that the chance to
>> crack a reduced cookie during its 30 seconds lifetime isn't too
>> high.  That means involving our resident crypto experts for
>> verification.
>
>
> Hey, Andre!
>
> I know the security people have been pretty busy, but has there been
 > any progress on this? We're still running into the occasional complaint
 > with this issue.

Yes, there has been progress on a good fix for the issue.  I've also
got excellent feedback from a couple of people on the cryptographic
properties of the new cookie approach.  I shall be able  to post a
patch for testing in the next days.

-- 
Andre