From owner-freebsd-current Thu May 23 09:21:42 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id JAA25601 for current-outgoing; Thu, 23 May 1996 09:21:42 -0700 (PDT) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id JAA25596 for ; Thu, 23 May 1996 09:21:39 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by rover.village.org (8.7.5/8.6.6) with SMTP id KAA10068; Thu, 23 May 1996 10:21:08 -0600 (MDT) Message-Id: <199605231621.KAA10068@rover.village.org> To: Paul Traina Subject: Re: freebsd + synfloods + ip spoofing Cc: Garrett Wollman , Poul-Henning Kamp , current@FreeBSD.ORG, blh@nol.net In-reply-to: Your message of Thu, 23 May 1996 09:14:01 PDT Date: Thu, 23 May 1996 10:21:07 -0600 From: Warner Losh Sender: owner-current@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk : That offers no improvement over just randomization. As long as the randomization isn't predictible, yes. I'm not sure why they suggest the MD-5 hash. I wrote: : Per attempt is easy to ramdomize w/o violating 793 since you still : have 2^31 bits of randomness that you can use (since the original 31 bits Paul again: : However, the random number generator that we're using could be badly broken, : which is why I want to get BHL's tools and verify his tests. If it is a pseudo random number sequence generater, then it buys you nothing over += 30 because it is predictible (even if it is uniform and looks random). I've not tkaen a look at the code to know for sure if the randomness is good enough or not. Likely you need to do a /dev/random sort of thing that will be both uniform and unpredictable. Warner P.S. /dev/random here is a entropy gatherer in the kernel for the purpose of generating cryptographically strong random numbers. -stable doesn't seem to have this, not sure about -current. Linux does which is where I'm getting the nomenclature from.