Subject: Re: FW: clip from netbsd mailing list
To: None <>
From: Steven M. Bellovin <>
List: tech-security
Date: 03/13/2001 17:46:01
In message <>, Tim.News writes:

>The parameter used for RFC1948 need not be randomly generated
>at boot time.  I was actually wondering if this violates the intent.
>ISN values exist in the same space across reboots?

In all seriousness, that depends on how long a reboot takes.  For 
correctness in the TCP sense, if a reboot takes longer than twice the 
maximum segment lifetime the ISN value for a connection can be 
different.  When I implemented RFC 1948, I initialized the secret by a 
hash of a per-machine secret and whatever random values were lying 
around shortly after boot time -- the reboot time was easily long 

		--Steve Bellovin,
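The scheme discussed in the message, as an added example that is not code from the original mail nor from Bellovin's NetBSD implementation: RFC 1948 computes ISN = M + F(localhost, localport, remotehost, remoteport, secret), where M is the 4-microsecond ISN clock from RFC 793, and the mail describes initializing the secret from a hash of a per-machine secret plus boot-time randomness. Assumptions not in the mail: SHA-256 stands in for the MD5 that RFC 1948 suggests, F is realized as an HMAC keyed with the secret, and the addresses, ports, secrets and timestamps are constructed inputs.

```python
"""RFC 1948-style ISN generation: ISN = M + F(4-tuple, secret).

Added example; not the NetBSD code discussed in the mail. Assumptions:
SHA-256 replaces MD5, F is HMAC-SHA256 keyed with the secret, and all
sample inputs below are constructed.
"""
import hashlib
import hmac
import os
import struct
import time

MOD32 = 1 << 32
MSL_US = 120 * 1_000_000  # maximum segment lifetime, 2 minutes, in microseconds


def derive_secret(per_machine_secret: bytes, boot_entropy: bytes) -> bytes:
    """Initialize the RFC 1948 secret as the mail describes: hash a long-lived
    per-machine secret together with whatever randomness is available shortly
    after boot.  SHA-256 is an assumption; RFC 1948 only asks for a good hash."""
    h = hashlib.sha256()
    h.update(b"rfc1948-secret")  # domain-separation tag (assumption)
    h.update(per_machine_secret)
    h.update(boot_entropy)
    return h.digest()


def connection_offset(secret: bytes, laddr: str, lport: int,
                      raddr: str, rport: int) -> int:
    """F(localhost, localport, remotehost, remoteport, secret) truncated to 32 bits.
    Keyed via HMAC-SHA256 instead of RFC 1948's MD5(..., secret) (assumption).
    Ports are packed as 16-bit big-endian so '1'+'23' cannot collide with '12'+'3'."""
    msg = b"|".join([laddr.encode(), struct.pack("!H", lport),
                     raddr.encode(), struct.pack("!H", rport)])
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def isn_clock(now_us: int) -> int:
    """RFC 793's ISN clock: a 32-bit counter that advances once every 4 microseconds."""
    return (now_us // 4) % MOD32


def initial_sequence_number(secret: bytes, laddr: str, lport: int,
                            raddr: str, rport: int, now_us: int) -> int:
    """ISN = M + F(4-tuple, secret) mod 2^32.  For a fixed secret every 4-tuple
    gets its own constant offset, so each connection's sequence space still
    advances monotonically with the clock, exactly as in plain RFC 793."""
    return (isn_clock(now_us) + connection_offset(secret, laddr, lport, raddr, rport)) % MOD32


if __name__ == "__main__":
    # Constructed inputs: a per-machine secret that survives reboots, plus
    # boot-time randomness that does not.
    machine_secret = b"example-per-machine-secret"
    secret_boot1 = derive_secret(machine_secret, os.urandom(16))
    secret_boot2 = derive_secret(machine_secret, os.urandom(16))

    tup = ("192.0.2.10", 40000, "198.51.100.7", 80)
    t0 = time.time_ns() // 1000

    print("boot 1, t0:       %08x" % initial_sequence_number(secret_boot1, *tup, t0))
    print("boot 1, t0+2MSL:  %08x" % initial_sequence_number(secret_boot1, *tup, t0 + 2 * MSL_US))
    # After a reboot the secret changes, so the same 4-tuple lands at a new
    # offset.  That is harmless only if old segments are dead, i.e. the
    # reboot took longer than 2 * MSL, which is the point of the mail.
    print("boot 2, t0+2MSL:  %08x" % initial_sequence_number(secret_boot2, *tup, t0 + 2 * MSL_US))
    other = ("192.0.2.10", 40001, "198.51.100.7", 80)
    print("boot 1, other 4-tuple: %08x" % initial_sequence_number(secret_boot1, *other, t0))
```

The monotonic per-connection behaviour is what keeps RFC 793's sequence-space reasoning intact within one boot; the offset only changes when the secret does, which is why the mail ties re-keying at boot to the reboot exceeding twice the maximum segment lifetime.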