Subject: Re: rpc xid randomness
To: None <tech-security@NetBSD.org, tech-userlevel@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 09/08/2003 20:06:24
>> a ** b mod c
> we're not encrypting stuff, we're just trying to generate
> non-repeating random number. so i beg to differ.
"Random" in what sense?
If it needs to be unpredictable, the weakness described is important.
If it just needs to be unlikely to repeat any id used in the recent
past, it's not.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML email@example.com
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B