From: Geoff Rehmet
To: "'Kris Kennaway'"
Cc: hackers@freebsd.org, markm@iafrica.com, jlemon@freebsd.org
Subject: RE: TCP sequence numbers
Date: Thu, 2 Sep 1999 07:02:57 +0200

> How do OpenBSD do it?

They use arc4random(), to add a random increment.

> Just curious whether you have a reference for doing this or whether it was
> an ad-hoc change. Playing with cryptographic algorithms isn't usually a
> good idea unless you're sure, as I'm sure you know.

Yup - dead right. The requirements in this instance are however
also slightly different to what you normally use a cryptographic
hash for. I want to let the code be picked at a bit before it
goes into the tree though.

> I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> PRNG - it's a more conservative design and uses primitives like SHA-1 (for
> yarrow-160). I don't know how much of an impact this would be for
> network performance.

If it is only used to generate a secret every 5 minutes, that
should not be a problem.