Date: Tue, 7 Sep 1999 20:25:30 -0700 (PDT)
From: Kris Kennaway
To: Geoff Rehmet
Cc: hackers@freebsd.org, markm@iafrica.com, jlemon@freebsd.org
Subject: RE: TCP sequence numbers

On Thu, 2 Sep 1999, Geoff Rehmet wrote:

> > I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> > PRNG - it's a more conservative design and uses primitives
> > like SHA-1 (for yarrow-160). I don't know how much of an impact this
> > would be for network performance.
>
> If it is only used to generate a secret every 5 minutes, that should not
> be a problem.

Hrm. RFC 1948 seems to warn against changing the secret while "live". It's
not immediately obvious to me why this is so.

Kris
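An added sketch (not from this thread and not FreeBSD code) of the RFC 1948 scheme ISN = M + F(4-tuple, secret), showing what a secret change does to a reused 4-tuple: under a fixed secret the ISN only advances with the timer M, while a new secret shifts the offset F and can place the next incarnation's ISN behind the previous one. The helper names, addresses, timestamps and secrets are constructed for illustration.

```python
import hashlib
import struct

MOD = 2 ** 32

def timer_m(t_us):
    """M: 32-bit counter that ticks once every 4 microseconds."""
    return (t_us // 4) % MOD

def offset_f(secret, laddr, lport, raddr, rport):
    """F: per-connection offset, a hash over the 4-tuple and the secret
    (MD5 is the hash RFC 1948 suggests; the input encoding here is assumed)."""
    material = f"{laddr}:{lport}|{raddr}:{rport}|".encode() + secret
    return struct.unpack(">I", hashlib.md5(material).digest()[:4])[0]

def isn(secret, t_us, conn):
    """Initial sequence number for `conn` at time `t_us` (microseconds)."""
    return (timer_m(t_us) + offset_f(secret, *conn)) % MOD

def is_behind(new, old):
    """Serial-number comparison: True if `new` precedes `old` modulo 2^32."""
    return 0 < (old - new) % MOD < MOD // 2

# Constructed sample values (documentation address ranges).
CONN = ("192.0.2.10", 40000, "198.51.100.7", 80)
OLD_SECRET = b"constructed-secret-0"
T_OLD_US = 100_000_000   # first incarnation of the connection
T_NEW_US = 101_000_000   # same 4-tuple reused one second later

def first_backward_rekey(tries=64):
    """Return the first constructed replacement secret whose ISN for the
    reused 4-tuple lands behind the ISN issued under OLD_SECRET."""
    old_isn = isn(OLD_SECRET, T_OLD_US, CONN)
    for i in range(1, tries + 1):
        candidate = b"constructed-secret-%d" % i
        if is_behind(isn(candidate, T_NEW_US, CONN), old_isn):
            return candidate
    return None

if __name__ == "__main__":
    same = isn(OLD_SECRET, T_NEW_US, CONN)
    old = isn(OLD_SECRET, T_OLD_US, CONN)
    print("fixed secret, ISN advance:", (same - old) % MOD)
    print("rekey that moves ISN backwards:", first_backward_rekey())
```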