From: Mike Silbersack
To: Barney Wolff
Date: Sun, 10 Jun 2001 23:37:14 -0500 (CDT)
Subject: Re: New TCP sequence number generation algorithm; review needed
In-Reply-To: <20010610231129.A86387@tp.databus.com>
Message-ID: <20010610231754.I841-100000@achilles.silby.com>
Sender: owner-freebsd-arch@FreeBSD.ORG

On Sun, 10 Jun 2001, Barney Wolff wrote:

> 1. It is a misnomer to refer to "shared secret" in RFC 1948. The
> secret is not shared with any entity.

Point taken, I should have worded that differently. I'm not sure what the correct term is, in this case.

> 2. Implying that because DES can be brute-forced that MD5 can be
> brute-forced is just silly. Yes, in another 100 years, if Moore's
> Law continues to hold, which is unlikely.

The important point to note is that we're not talking about pure MD5 here; only 32 bits of the hash is used. I'm not a cryptologist by any means, but I would imagine that the security of the hash is reduced greatly by that change. Even though the hash is probably still very strong, the idea of having a single master key (so to speak) controlling the generation of all ISNs still worries me.

Well, either way, we'll see what comments this algorithm gets from those on end2end. There could be a fatal flaw I haven't seen precisely because I'm not a cryptologist. :)

> Suggestion - write an internet-draft and get the end2end group
> to endorse your scheme, rather than committing FreeBSD to it.

I've been asked by others to talk to end2end, and I will be doing that soon.

Mike "Silby" Silbersack
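
Added example (not part of the original message and not FreeBSD's code): a sketch of the RFC 1948 computation under discussion, ISN = M + F(localhost, localport, remotehost, remoteport, secret), with F as MD5 cut to 32 bits and M as the 4-microsecond clock. The byte layout fed to MD5, the choice of the first four digest bytes, the function names and the sample addresses and secrets are assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct

MASK32 = 0xFFFFFFFF


def rfc1948_offset(secret, laddr, lport, raddr, rport):
    """F(...): MD5 over the connection 4-tuple plus the secret, cut to 32 bits."""
    material = (
        ipaddress.IPv4Address(laddr).packed + struct.pack("!H", lport)
        + ipaddress.IPv4Address(raddr).packed + struct.pack("!H", rport)
        + secret
    )
    digest = hashlib.md5(material).digest()      # full 128-bit hash
    # Only 32 of the 128 bits survive (assumed here: the first four bytes).
    return struct.unpack("!I", digest[:4])[0]


def rfc1948_isn(secret, laddr, lport, raddr, rport, now_us):
    """ISN = M + F(...), where M ticks once every 4 microseconds."""
    m = (now_us // 4) & MASK32
    return (m + rfc1948_offset(secret, laddr, lport, raddr, rport)) & MASK32


def demo():
    # Constructed secrets and documentation-range addresses.
    secret_a = bytes(range(16))
    secret_b = bytes(range(1, 17))
    conn1 = ("192.0.2.10", 80, "198.51.100.7", 40000)
    conn2 = ("192.0.2.10", 80, "198.51.100.7", 40001)
    t0, t1 = 1_000_000, 1_000_400                # 400 microseconds apart
    return {
        # Same 4-tuple: the ISN advances only with the clock (100 ticks).
        "same_tuple_advance": (rfc1948_isn(secret_a, *conn1, t1)
                               - rfc1948_isn(secret_a, *conn1, t0)) & MASK32,
        # Different 4-tuple, same secret: a separate sequence space.
        "tuple_changes_offset": rfc1948_offset(secret_a, *conn1)
                                != rfc1948_offset(secret_a, *conn2),
        # One secret keys every connection: rekeying moves this offset too.
        "rekey_changes_offset": rfc1948_offset(secret_a, *conn1)
                                != rfc1948_offset(secret_b, *conn1),
    }


if __name__ == "__main__":
    print(demo())
```
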