Re: CVS commit: src/sys/netinet

To: smb%research.att.com@localhost
Subject: Re: CVS commit: src/sys/netinet
From: itojun%itojun.org@localhost (Jun-ichiro itojun Hagino)
Date: Mon, 8 Sep 2003 05:57:23 +0900 (JST)

> >One way to do this is encrypting a counter with a 32 bit block cipher,
> >but until a few minutes ago I was unaware of any. (Now I've learned of
> >one on the cryptography mailing list.)
> Right, but some uses for such things have stronger non-repitition 
> requirements.  For example, the TCP initial sequence number shouldn't 
> repeat for 2*maximum segment lifetime.  The IPid field shouldn't repeat 
> for somewhat longer than the fragment lifetime on the receiving system.

        niels' generator satisfies non-repetition requirements, tunable by
        parameter.  the code reinitialize itself on (1) generation of certain
        number of numbers (18000 for 16bit case), or (2) specified time have
        elapsed (180sec).  collision never happens until 2 reinitializations
        take place (36000 generations of 360sec).

itojun

Follow-Ups:
- Re: CVS commit: src/sys/netinet
  - From: Alan Barrett

References:
- Re: CVS commit: src/sys/netinet
  - From: Steven M. Bellovin

Prev by Date: Re: CVS commit: src/sys/netinet
Next by Date: Re: CVS commit: src/sys/netinet
Previous by Thread: Re: CVS commit: src/sys/netinet
Next by Thread: Re: CVS commit: src/sys/netinet
Indexes:

Home | Main Index | Thread Index | Old Index