From owner-freebsd-hackers Wed Sep 1 10:12:27 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id EC88514E3E; Wed, 1 Sep 1999 10:12:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id DC9F71CD8BA; Wed, 1 Sep 1999 10:12:25 -0700 (PDT)
	(envelope-from kris@hub.freebsd.org)
Date: Wed, 1 Sep 1999 10:12:25 -0700 (PDT)
From: Kris Kennaway
To: Geoff Rehmet
Cc: hackers@freebsd.org, markm@iafrica.com, jlemon@freebsd.org
Subject: Re: TCP sequence numbers
In-Reply-To: <199909010656.IAA04043@hangdog.is.co.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 1 Sep 1999, Geoff Rehmet wrote:

> After a bit of work on TCP sequence numbers, and generating initial
> sequence numbers which are difficult to predict, I have put some
> code together, which I believe makes the way in which FreeBSD
> generates initial send sequence numbers more secure.

How do OpenBSD do it?

> The patch I have developed is based on RFC1948, and also takes some ideas
> from the way in which Linux calculates TCP ISS values. However, unlike
> Linux, I am keeping the code true to RFC793's requirement for a
> "fictitious" 250kHz clock. Instead of using a cut-down MD4 transform,
> (which is what Linux does), I have used a cut-down MD5 transform, with
> round 4 removed.

Just curious whether you have a reference for doing this or whether it was
an ad-hoc change. Playing with cryptographic algorithms isn't usually a good
idea unless you're sure, as I'm sure you know.

> As with the Linux code, I am using 9 32-bit words of
> random secret, which is rekeyed every 5 minutes.
> The remainder of the sequence number generation is based on our existing
> code.
>
> I have placed the diff in
>
> http://www.freebsd.org/~csgr/tcp_sequence.diff
>
> The diff was taken against -current as at approximately 0600 GMT
> 1 September 1999.
>
> testing, comments would be appreciated.
>
> Once Mark has completed his work in devrandom, I will rather use
> devrandom as a source of randomness.

I'd expect Yarrow to be (perhaps quite a bit) slower than our existing PRNG -
it's a more conservative design and uses primitives like SHA-1 (for
yarrow-160). I don't know how much of an impact this would be for network
performance.

Kris
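
Added example, not part of the original message and not the code from the diff it discusses: a sketch of the RFC 1948 construction the quoted text refers to, ISS = 250 kHz clock + F(connection tuple, secret), with nine 32-bit words of secret rekeyed every 5 minutes. It assumes full MD5 from `hashlib` instead of the cut-down transform described above; `IssGenerator`, its methods and the sample addresses are hypothetical names and constructed values.

```python
import hashlib
import os
import socket
import struct

TICK_HZ = 250_000      # RFC 793 "fictitious" clock: one tick every 4 microseconds
REKEY_SECONDS = 300    # secret lifetime given in the quoted message (5 minutes)
SECRET_WORDS = 9       # nine 32-bit words of random secret


class IssGenerator:
    """Hypothetical RFC 1948 style initial send sequence number generator."""

    def __init__(self, rng=os.urandom):
        self.rng = rng          # injectable so the behaviour can be tested
        self.secret = b""
        self.keyed_at = None

    def rekey_if_due(self, now):
        if self.keyed_at is None or now - self.keyed_at >= REKEY_SECONDS:
            self.secret = self.rng(4 * SECRET_WORDS)
            self.keyed_at = now

    def offset(self, laddr, lport, faddr, fport):
        # F(localhost, localport, remotehost, remoteport, secret): a keyed
        # hash of the connection 4-tuple, truncated to 32 bits.
        material = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
                    socket.inet_aton(faddr) + struct.pack("!H", fport) +
                    self.secret)
        return struct.unpack("!I", hashlib.md5(material).digest()[:4])[0]

    def iss(self, now, laddr, lport, faddr, fport):
        # The clock keeps ISS values for one 4-tuple advancing within a key
        # epoch; the per-tuple offset hides that clock from other peers.
        self.rekey_if_due(now)
        clock = int(now * TICK_HZ)
        return (clock + self.offset(laddr, lport, faddr, fport)) & 0xFFFFFFFF


if __name__ == "__main__":
    gen = IssGenerator()
    conn = ("192.0.2.1", 80, "198.51.100.7", 40000)   # constructed sample tuple
    first = gen.iss(1000, *conn)
    later = gen.iss(1001, *conn)
    print("same tuple, +1 s:", (later - first) & 0xFFFFFFFF, "ticks")
    print("other peer port :", gen.iss(1001, "192.0.2.1", 80, "198.51.100.7", 40001))
    before = gen.offset(*conn)
    gen.iss(1300, *conn)                              # crosses the rekey interval
    print("offset changed after rekey:", before != gen.offset(*conn))
```

Rekeying replaces the offset for every 4-tuple at once, so the ISS for a reused tuple is only guaranteed to advance within a single key epoch.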