Subject: Re: Preventative security features?
To: Dmitri Nikulin <setagllib@optusnet.com.au>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 01/05/2005 18:03:02

Sorry for the blast from the past. I'm cleaning out old mail...

On Sat, Nov 13, 2004 at 07:55:32AM -0800, Jason Thorpe wrote:
>
> On Nov 13, 2004, at 1:23 AM, Dmitri Nikulin wrote:
>
> >Maybe just not enough, then :)
> >Is this fed from the high-quality random source? nmap didn't give up
> >all hope on it.
>
> I seem to recall that there was a paper published that mathematically
> analyzed the TCP ISS randomization of a few OSs, and that NetBSD's
> method was given high praise.

I have that paper, and it also analyzed the OpenBSD method. The latter
method added random numbers into the mix more often, with the thought that
more random == better. The problem is that doing that mathematically
weakened the randomness. More random == worse...

I mention this as the thread seemed to be about adding "security" features
from other OSs. We should be careful that the changes actually enhance
security.

Take care,

Bill
