Subject: Re: CVS commit: src/sys/netinet
To: None <smb@research.att.com>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: source-changes
Date: 09/08/2003 05:57:23
> >One way to do this is encrypting a counter with a 32 bit block cipher,
> >but until a few minutes ago I was unaware of any. (Now I've learned of
> >one on the cryptography mailing list.)
> Right, but some uses for such things have stronger non-repitition
> requirements. For example, the TCP initial sequence number shouldn't
> repeat for 2*maximum segment lifetime. The IPid field shouldn't repeat
> for somewhat longer than the fragment lifetime on the receiving system.
niels' generator satisfies non-repetition requirements, tunable by
parameter. the code reinitialize itself on (1) generation of certain
number of numbers (18000 for 16bit case), or (2) specified time have
elapsed (180sec). collision never happens until 2 reinitializations
take place (36000 generations of 360sec).
itojun