Date:      Sat, 09 Jun 2001 10:47:46 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Mike Silbersack <silby@silby.com>
Cc:        Don Lewis <Don.Lewis@tsc.tdk.com>, freebsd-net@FreeBSD.ORG, freebsd-arch@FreeBSD.ORG
Subject:   Re: New TCP sequence number generation algorithm; review needed
Message-ID:  <3B226142.59A48940@mindspring.com>
References:  <20010608214621.V94603-100000@achilles.silby.com>

Mike Silbersack wrote:
> 
> On Fri, 8 Jun 2001, Don Lewis wrote:
> 
> > Why not combine the two schemes and feed the random
> > per-host data from the cloned route entry into the
> > RFC1948 algorithm?  This doesn't solve Terry's objection,
> > though.
> 
> That thought had occurred to me, but I'm not sure it would
> actually add any security.

It would not.  Big Number Theory(tm) tells us that
multiplying or adding one random number to another
actually ends up with the result being _less random_.


> Terry needs to clarify his objections.  #3 is the only one
> which is definitely valid.

I disagree (of course), but will clarify later in response
to your response; I really don't have time for the hour or
so of deep thinking necessary to refute your objections
(feel flattered, if you like, for "stumping" me... not
really that hard, since you seem to be on the ball 8-)),
since the points you raise involve some significant
subtleties that are not really obvious without a lot of
careful thought.  I can't really do justice to the concepts
necessary to express the fundamental objections right now,
as I have other demands on my time which take precedence
right now (I'm just going through my email very quickly).

-- Terry
