Subject: Re: CVS commit: src/sys/netinet
To: Perry E. Metzger <perry@piermont.com>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-crypto
Date: 09/06/2003 20:20:00
In message <878yp1wm1h.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
>
>David Laight <david@l8s.co.uk> writes:
>> - sequences where values are guaranteed not to be reproduced
>> - random values
>
>One way to do this is encrypting a counter with a 32 bit block cipher,
>but until a few minutes ago I was unaware of any. (Now I've learned of
>one on the cryptography mailing list.)
Right, but some uses for such things have stronger non-repitition
requirements. For example, the TCP initial sequence number shouldn't
repeat for 2*maximum segment lifetime. The IPid field shouldn't repeat
for somewhat longer than the fragment lifetime on the receiving system.
--Steve Bellovin, http://www.research.att.com/~smb