Subject: Re: Preventative security features?
To: Dmitri Nikulin <setagllib@optusnet.com.au>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-security
Date: 11/13/2004 07:55:32


On Nov 13, 2004, at 1:23 AM, Dmitri Nikulin wrote:

> Maybe just not enough, then :)
> Is this fed from the high-quality random source? nmap didn't give up 
> all hope on it.

I seem to recall that there was a paper published that mathematically 
analyzed the TCP ISS randomization of a few OSs, and that NetBSD's 
method was given high praise.

NetBSD also has the option to enable RFC-1948 for TCP ISS generation.

> On a related note, on my old Intel i815 chipset which has a hardware 
> RNG, NetBSD says it enables it at boot, but what does it do from 
> there? Does this get read from into the system's entropy pool or what?

Yes, it is fed into the system entropy pool.

        -- Jason R. Thorpe <thorpej@shagadelic.org>
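The RFC 1948 scheme mentioned above, as an added example (not code from the mail, from NetBSD, or from the RFC): the ISN is a 4-microsecond clock M plus a keyed hash F of the connection 4-tuple and a per-boot secret, so two connections share no usable relationship while one connection's ISNs still advance monotonically. The HMAC-SHA256 in place of the RFC's MD5, the string form of addresses, and the function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct
import time

# Per-boot secret, generated once and never disclosed (constructed here).
SECRET = os.urandom(32)


def connection_offset(laddr, lport, faddr, fport, secret=SECRET):
    """F(): 32-bit keyed hash over (local addr, local port, foreign addr,
    foreign port).  RFC 1948 uses MD5(tuple || secret); the HMAC-SHA256
    truncated to 32 bits here is an assumption of this example."""
    msg = struct.pack("!HH", lport, fport) + laddr.encode() + b"|" + faddr.encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def isn_clock(now_ns):
    """M: 32-bit counter that ticks once every 4 microseconds (RFC 793)."""
    return (now_ns // 4000) & 0xFFFFFFFF


def initial_sequence_number(laddr, lport, faddr, fport, now_ns=None, secret=SECRET):
    """ISN = M + F(laddr, lport, faddr, fport, secret), mod 2^32.
    now_ns is injectable so the behaviour can be checked deterministically."""
    if now_ns is None:
        now_ns = time.monotonic_ns()
    offset = connection_offset(laddr, lport, faddr, fport, secret)
    return (isn_clock(now_ns) + offset) & 0xFFFFFFFF


if __name__ == "__main__":
    # Same 4-tuple 4 ms apart: the ISNs differ by exactly 1000 clock ticks.
    a = initial_sequence_number("10.0.0.1", 1024, "10.0.0.2", 80, now_ns=0)
    b = initial_sequence_number("10.0.0.1", 1024, "10.0.0.2", 80, now_ns=4_000_000)
    # A neighbouring port gets an unrelated offset from the keyed hash.
    c = initial_sequence_number("10.0.0.1", 1025, "10.0.0.2", 80, now_ns=0)
    print(f"same tuple delta: {(b - a) & 0xFFFFFFFF}, other tuple: {c:#010x}")
```

Observing a fixed increment between ISNs of the same 4-tuple, and no such relationship across tuples, is exactly what a sequence-predictability check such as nmap's measures; with a weak or absent F the increments would line up across connections too.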

