Subject: Re: rpc xid randomness
To: Jun-ichiro itojun Hagino <itojun@itojun.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-userlevel
Date: 09/25/2003 04:02:37
On Dec 23,  5:17pm, Jun-ichiro itojun Hagino wrote:
}
} > > 	given horsepower of today's machine the computation overhead is
} > > 	smaller than the benefit we'll get. (well, some of you run pdp10,
} > > 	but don't you want your pdp10 be secure against id predictability
} > > 	attacks?)
} > Perhaps good analogy might be - would you randomize phone
} > number allocation?
} 
} 	when someone can tap the wire and impersonate you by caller ID,
} 	story goes very different.

     No, it doesn't.  If someone taps the line their calls will appear
to be from you, regardless of what your number is.  BTW, it is
surprisingly easy to tap a line or even just to spoof Caller ID.  The
phone system isn't secure by any stretch of the imagination.

}-- End of excerpt from Jun-ichiro itojun Hagino