Date: Thu, 23 May 1996 10:21:07 -0600 From: Warner Losh <imp@village.org> To: Paul Traina <pst@shockwave.com> Cc: Garrett Wollman <wollman@lcs.mit.edu>, Poul-Henning Kamp <phk@critter.tfs.com>, current@FreeBSD.ORG, blh@nol.net Subject: Re: freebsd + synfloods + ip spoofing Message-ID: <199605231621.KAA10068@rover.village.org> In-Reply-To: Your message of Thu, 23 May 1996 09:14:01 PDT
next in thread | raw e-mail | index | archive | help
: That offers no improvement over just randomization.
As long as the randomization isn't predictible, yes. I'm not sure why
they suggest the MD-5 hash.
I wrote:
: Per attempt is easy to ramdomize w/o violating 793 since you still
: have 2^31 bits of randomness that you can use (since the original
31 bits
Paul again:
: However, the random number generator that we're using could be badly broken,
: which is why I want to get BHL's tools and verify his tests.
If it is a pseudo random number sequence generater, then it buys you
nothing over += 30 because it is predictible (even if it is uniform
and looks random). I've not tkaen a look at the code to know for sure
if the randomness is good enough or not. Likely you need to do a
/dev/random sort of thing that will be both uniform and unpredictable.
Warner
P.S. /dev/random here is a entropy gatherer in the kernel for the
purpose of generating cryptographically strong random numbers.
-stable doesn't seem to have this, not sure about -current. Linux
does which is where I'm getting the nomenclature from.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605231621.KAA10068>