Subject: Re: CVS commit: src/sys/netinet
To: Perry E. Metzger <perry@piermont.com>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-crypto
Date: 09/06/2003 14:09:54
In message <87ptid4wz6.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
>
>David Laight <david@l8s.co.uk> writes:
>> I'm not sure that arc4random is appropriate for ip sequence numbers,
>> it doesn't have the correct properties.  In particular the same output
>> value can be generated by adjacent calls to the function - which you
>> definitely don't want!  This will be true for any generator with more
>> than 32 bits of state (or rather if the required value is smaller than
>> the state).
>
>Ideally, we want something that generates an unpredictable ergodic
>sequence of some sort -- that is to say, a sequence guaranteed to
>cycle through all possible values, but in an unpredictable order.
>
>I'm not entirely sure what the right way to do this is, though.
>

And does it in a way that avoids reuse -- even after rekeying -- too 
soon.

		--Steve Bellovin, http://www.research.att.com/~smb
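Added example, written for this thread and not code from the netinet commit or from any poster: a keyed 4-round Feistel permutation over the 16-bit IP ID space, driven by a plain counter. Because a Feistel network is a bijection whatever its round function, this gives the property Perry asks for (every value once per cycle, in a key-dependent order, so adjacent calls can never collide), and ipid_reuse_after_rekey measures the reuse-after-rekey problem Steve raises. All names and the round function are my own choices, not anything the commit uses.

```c
#include <stdint.h>
#include <string.h>
static uint8_t seen[8192];            /* bitmap: one bit per 16-bit ID */
static int  bit_get(uint16_t v) { return seen[v >> 3] & (1u << (v & 7)); }
static void bit_set(uint16_t v) { seen[v >> 3] |= (uint8_t)(1u << (v & 7)); }
/* Keyed 8-bit round function (hypothetical mixer, not from the thread);
 * the Feistel structure alone makes ipid_permute a bijection. */
static uint8_t round_fn(uint8_t x, uint32_t k)
{
    uint32_t v = ((uint32_t)x ^ k) * 0x9e3779b1u;
    return (uint8_t)(((v ^ (v >> 13) ^ (v >> 24)) * 0x85ebca6bu) >> 24);
}
/* Counter -> IP ID.  Walking ctr through 0..65535 emits every ID exactly
 * once, in a key-dependent order, so adjacent outputs never collide. */
uint16_t ipid_permute(uint16_t ctr, const uint32_t key[4])
{
    uint8_t l = (uint8_t)(ctr >> 8), r = (uint8_t)ctr, t;
    for (int i = 0; i < 4; i++) {     /* (L, R) -> (R, L ^ F(R, k_i)) */
        t = l ^ round_fn(r, key[i]); l = r; r = t;
    }
    return (uint16_t)((l << 8) | r);
}
/* 1 if 65536 consecutive outputs under `key` contain no repeat. */
int ipid_full_cycle(const uint32_t key[4])
{
    memset(seen, 0, sizeof seen);
    for (uint32_t c = 0; c < 65536; c++) {
        uint16_t id = ipid_permute((uint16_t)c, key);
        if (bit_get(id))
            return 0;
        bit_set(id);
    }
    return 1;
}
/* Steve's caveat: a rekey starts an unrelated permutation, so an ID sent
 * just before it can come back soon after.  Emits `window` IDs under k1,
 * rekeys to k2 with the counter running on, and returns how many outputs
 * it takes to repeat one of them (without rekey: exactly 65537 - window). */
uint32_t ipid_reuse_after_rekey(const uint32_t k1[4], const uint32_t k2[4],
                                uint16_t window)
{
    uint16_t c = 0;
    memset(seen, 0, sizeof seen);
    for (uint32_t i = 0; i < window; i++, c++)
        bit_set(ipid_permute(c, k1));
    for (uint32_t i = 0; i < 65536; i++, c++)
        if (bit_get(ipid_permute(c, k2)))
            return i + 1;
    return 65536;                     /* unreachable: k2 cycle is full */
}
```

In a kernel the key would come from the entropy pool and the counter would be per-host state; the point of the measurement function is that keeping the permutation guarantees no reuse for a full cycle, while rekeying throws that guarantee away for the IDs still in flight.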