Subject: Re: FW: clip from netbsd mailing list
To: None <Tim.Newsham@guardent.com>
From: Steven M. Bellovin <email@example.com>
Date: 03/13/2001 17:46:01
In message <397E0659AA2DD411843500508B64F1CE1E0723@mail.guardent.com>, Tim.News
>The parameter used for RFC1948 need not be randomly generated
>at boot time. I was actually wondering if this violates the intent.
>ISN values exist in the same space across reboots?
In all seriousness, that depends on how long a reboot takes. For
correctness in the TCP sense, if a reboot takes longer than twice the
maximum segment lifetime the ISN value for a connection can be
different. When I implemented RFC 1948, I initialized the secret by a
hash of a per-machine secret and whatever random values were lying
around shortly after boot time -- the reboot time was easily long
--Steve Bellovin, http://www.research.att.com/~smb