Subject: Re: rpc xid randomness
To: None <>
From: Jun-ichiro itojun Hagino <>
List: tech-security
Date: 09/09/2003 07:15:18
> On Mon, Sep 08, 2003 at 07:50:58PM +0900, Jun-ichiro itojun Hagino wrote:
> > 	to summarize,
> > 	- the currently-committed code is not good.  it is not resistant to
> > 	  number reuse/duplication.
> > 	- sequential number with time.tv_sec initialization is resistant to
> > 	  number reuse/duplication, if we don't set date(1).
> > 	- niels' generator is resistant to number reuse/duplcation, and probably
> > 	  there's no chance for duplication on reboot (due to the use of random
> > 	  number as initialization)
> I just want to see some kind of benchmark, like lat_rpc from lmbench.
> Or maybe just spray(8).

	i ran lat_rpc with patch.  i don't have a system without patch
	(i'm on a research retreat to rural area), so if there's someone with
	similar machine (machine: IBM thinkpad X31, 2672-JHJ) without patch
	can take measurement i would be greatful.


% work.i386/lmbench-2alpha11/bin/i386-netbsd1.6Z/lat_rpc -s
% work.i386/lmbench-2alpha11/bin/i386-netbsd1.6Z/lat_rpc localhost
RPC/tcp latency using localhost: 27.1248 microseconds
RPC/udp latency using localhost: 29.1774 microseconds