netdev
[Top] [All Lists]

Re: [PATCH] OpenBSD Networking-related randomization port

To: lorenzo@xxxxxxx, mingo@xxxxxxx
Subject: Re: [PATCH] OpenBSD Networking-related randomization port
From: linux@xxxxxxxxxxx
Date: 31 Jan 2005 23:27:35 -0000
Cc: arjan@xxxxxxxxxxxxx, bunk@xxxxxxxxx, chrisw@xxxxxxxx, davem@xxxxxxxxxx, hlein@xxxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux@xxxxxxxxxxx, netdev@xxxxxxxxxxx, shemminger@xxxxxxxx, Valdis.Kletnieks@xxxxxx
In-reply-to: <20050131201141.GA4879@xxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
> could you please also react to this feedback:
>
>   http://marc.theaimsgroup.com/?l=linux-kernel&m=110698371131630&w=2
> 
> to quote a couple of key points from that very detailed security
> analysis:
> 
> " I'm not sure how the OpenBSD code is better in any way.  (Notice that
>   it uses the same "half_md4_transform" as Linux; you just added another
>   copy.) Is there a design note on how the design was chosen? "

Just note that, in addition to the security aspects, there are also a
whole set of multiprocessor issues.  OpenBSD added SMP support in June
2004, and it looks like this code dates back to before that.  It might
be worth looking at what OpenBSD does now.

Note that I have NOT looked at the patch other than the TCP ISN
generation.  However, given the condition of the ISN code, I am inclined
to take a "guilty until proven innocent" view of the rest of it.
Don't merge it until someone has really grokked it, not just kibitzed
about code style issues.

(The homebrew 15-bit block cipher in this code does show how much the
world needs a small block cipher for some of these applications.)

<Prev in Thread] Current Thread [Next in Thread>