Date: Tue, 21 Aug 2001 21:52:45 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Kris Kennaway <kris@obsecurity.org> Cc: Mike Silbersack <silby@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet tcp_input.c tcp_seq.h tcp_subr.c tcp_timer.c tcp_usrreq.c tcp_var.h Message-ID: <20010821215244.G313@blossom.cjclark.org> In-Reply-To: <20010821195920.A23850@xor.obsecurity.org>; from kris@obsecurity.org on Tue, Aug 21, 2001 at 07:59:20PM -0700 References: <200108220058.f7M0wGf97070@freefall.freebsd.org> <20010821195920.A23850@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 21, 2001 at 07:59:20PM -0700, Kris Kennaway wrote: > On Tue, Aug 21, 2001 at 05:58:16PM -0700, Mike Silbersack wrote: > > silby 2001/08/21 17:58:16 PDT > > > > Modified files: > > sys/netinet tcp_input.c tcp_seq.h tcp_subr.c > > tcp_timer.c tcp_usrreq.c tcp_var.h > > Log: > > Much delayed but now present: RFC 1948 style sequence numbers > > Yay! > > > In order to ensure security and functionality, RFC 1948 style > > initial sequence number generation has been implemented. Barring > > any major crypographic breakthroughs, this algorithm should be > > unbreakable. > > Except by brute force. A 32-bit sequence number just isn't naturally > very resistent to guessing, and on a fast connection, under favourable > circumstances, an attacker could simply cycle through them all. Actually, I believe the reason "total randomness" does not help all that much is more due to the fact a birthday attack on a 32-bit sequence number is not as difficult as it would seem. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010821215244.G313>