tech-net: Re: kernel ip_randomid() and libc randomid(3) still "broken"

Subject: Re: kernel ip_randomid() and libc randomid(3) still "broken"
To: None <jonathan@DSG.Stanford.EDU>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 11/27/2003 06:12:01

> >	ip_randomid() there's guaranteed recycle period, which is about 12000.
> >	yes, the likelihood of the problem like you stated will increase
> >	by factor of (64K/12K), but with that cost we can buy hard-to-guess
> >	fragment ID.
> 
> You seem to take it as an article of faith that somewhat harder to
> predict ip_ids is worth *all* the downsides it carries with it.  I
> haven't noticed anyone else here who shares that opinion.
> 
> Instead, I see several different people articulating the same
> fundamental issue, all saying that the alleged security from
> randomized IP IDs just isnt worth it -- in some cases, saying that
> even if the random-id algoithm cost no more than the prior linear
> incrementing IDs, it *still* isn't worth it.
> 
> Shouldn't that be telling you something?

	nope.

	anyways, i will remove the RANDOM_IP_ID #ifdef, as less #ifdef is always
	better, and we have sysctl for controlling it.  the default value for
	the sysctl would still be debetable, but i leave it to 0, for now.

itojun