Message-ID: <3B226142.59A48940@mindspring.com>
Date: Sat, 09 Jun 2001 10:47:46 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Mike Silbersack
Cc: Don Lewis, freebsd-net@FreeBSD.ORG, freebsd-arch@FreeBSD.ORG
Subject: Re: New TCP sequence number generation algorithm; review needed
References: <20010608214621.V94603-100000@achilles.silby.com>

Mike Silbersack wrote:
>
> On Fri, 8 Jun 2001, Don Lewis wrote:
>
> > Why not combine the two schemes and feed the random
> > per-host data from the cloned route entry into the
> > RFC1948 algorithm?  This doesn't solve Terry's objection,
> > though.
>
> That thought had occurred to me, but I'm not sure it would
> actually add any security.

It would not.  Big Number Theory(tm) tells us that multiplying
or adding one random number to another actually ends up with
the result being _less random_.

> Terry needs to clarify his objections.  #3 is the only one
> which is definitely valid.

I disagree (of course), but will clarify later in response to
your response; I really don't have time for the hour or so of
deep thinking necessary to refute your objections (feel
flattered, if you like, for "stumping" me... not really that
hard, since you seem to be on the ball 8-)), since the points
you raise involve some significant subtleties that are not
really obvious without a lot of careful thought.

I can't really do justice to the concepts necessary to express
the fundamental objections right now, as I have other demands
on my time which take precedence right now (I'm just going
through my email very quickly).

-- Terry
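
Added example, not part of the original message or of FreeBSD's code: a Python version of the combination Don Lewis suggests in the quoted text, computing an RFC 1948 ISN (ISN = M + F(connection id, secret)) with per-host random data fed into F. The function names, the `per_host` parameter and the way it is appended to the hash input are assumptions, and all addresses, keys and timer values are constructed sample values.

```python
import hashlib
import socket
import struct

MASK32 = 0xFFFFFFFF


def rfc1948_isn(laddr, lport, raddr, rport, secret, clock_us, per_host=b""):
    """ISN = M + F(localhost, localport, remotehost, remoteport), per RFC 1948.

    M is the 4-microsecond timer. F is MD5 over the connection id and a
    secret. per_host (assumption) stands in for the random per-host data
    kept in the cloned route entry; it is appended to the hash input.
    """
    conn_id = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
               socket.inet_aton(raddr) + struct.pack("!H", rport))
    digest = hashlib.md5(conn_id + secret + per_host).digest()
    f = struct.unpack("!I", digest[:4])[0]   # 32-bit per-connection offset
    m = (clock_us // 4) & MASK32             # ticks once every 4 microseconds
    return (m + f) & MASK32


def demo():
    secret = b"constructed-boot-secret"       # constructed sample key
    salt_a = b"constructed-salt-host-a"       # constructed per-host data
    salt_b = b"constructed-salt-host-b"
    local = ("192.0.2.10", 80)
    peer_a = ("198.51.100.7", 40000)
    peer_b = ("198.51.100.8", 40000)
    t0 = 1_000_000                            # microseconds, constructed

    first = rfc1948_isn(*local, *peer_a, secret, t0, salt_a)
    later = rfc1948_isn(*local, *peer_a, secret, t0 + 4000, salt_a)
    other = rfc1948_isn(*local, *peer_b, secret, t0, salt_b)
    plain = rfc1948_isn(*local, *peer_a, secret, t0)
    return {
        # Same 4-tuple: the ISN advances with the timer only.
        "same_tuple_delta": (later - first) & MASK32,
        # Different peer: the offset F differs, so observing one peer's
        # ISN does not give the offset used for another peer.
        "cross_host_delta": (other - first) & MASK32,
        # The per-host data changes F relative to plain RFC 1948.
        "salt_changes_offset": plain != first,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```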