Subject: Re: rpc xid randomness
To: None <firstname.lastname@example.org>
From: Jun-ichiro itojun Hagino <email@example.com>
Date: 09/07/2003 10:40:21
> > when someone can tap the wire and impersonate you by caller ID,
> > story goes very different.
> Randomizing transaction IDs does *not* provide any kind of meaningful
> protection against an active attack on the RPC protocol; it just makes
> it very slightly harder.
why are we using (poorly-designed) pseudorandom number instead of
sequential number right now?