[lwip-users] Re: [lwip] TCP sequence number attacks
From: Paul Sheer
Subject: [lwip-users] Re: [lwip] TCP sequence number attacks
Date: Wed, 08 Jan 2003 23:37:15 -0000
>
> The right way to solve it isn't just to do iss = random(), though. I
it is with PaulOS, because PaulOS random() is secure
>
> How do you provide cryptographically secure randomness by the way?
using arc4 stream of "random" bytes
arc4 initialization will however include a looong initial
key unique to each manufactured unit.
---------
/* random.c - PaulOS embedded operating system
Copyright (C) 2002 Paul Sheer
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <paulos/config.h>
#include <sys/types.h>
#include <stdlib.h>
#include <assert.h>

/* arc4 state: the 256-byte S-box and the two stream indices */
static unsigned char s[256];
static int i, j;

#define SWAP(a, b) \
    do { \
        t = (a); \
        (a) = (b); \
        (b) = t; \
    } while (0)

/* XOR l bytes of arc4 keystream into the buffer k */
static inline void sbox_encrypt (unsigned char *k, int l)
{
    unsigned char t;
    assert (l >= 0);
    while (l-- > 0) {
        i = (i + 1) % 256;
        j = (j + s[i]) % 256;
        SWAP (s[i], s[j]);
        t = (s[i] + s[j]) % 256;
        *k++ ^= s[t];
    }
}

/* key schedule: mix the l-byte key k into the S-box, then discard output */
static inline void sbox_init (unsigned char *k, int l)
{
    unsigned char t = 0;
    int m;
    assert (l > 0);             /* k[i % l] below divides by l */
    j = 0;
    for (i = 0; i < 256; i++)
        s[i] = i;
    for (i = 0; i < 256; i++) {
        j = (j + s[i] + k[i % l]) % 256;
        SWAP (s[i], s[j]);
    }
    i = j = 0;
    /* warm up cycle */
    for (m = 0; m < 2000; m++)
        sbox_encrypt ((unsigned char *) &t, 1);
}

long random (void)
{
    unsigned long r = 0;
    sbox_encrypt ((unsigned char *) &r, sizeof (r));
    /* reduce in unsigned arithmetic: a signed r could be negative,
       and RAND_MAX + 1 can overflow int */
    return (long) (r % ((unsigned long) RAND_MAX + 1));
}

void rand_init (unsigned char *k, int l)
{
    sbox_init (k, l);
}

void srand (unsigned int seed)
{
    rand_init ((unsigned char *) &seed, sizeof (seed));
}

int rand (void)
{
    unsigned int r = 0;
    sbox_encrypt ((unsigned char *) &r, sizeof (r));
    /* same unsigned reduction as random () */
    return (int) (r % ((unsigned int) RAND_MAX + 1));
}

void srandom (unsigned int seed)
{
    rand_init ((unsigned char *) &seed, sizeof (seed));
}
--------
-paul
Paul Sheer Consulting IT Services . . Tel . . . +27 (0)21 6869634
Email . . . address@hidden . . . . . . Pager . . . 088 0057245
Linux development, cryptography, recruitment, support, training
http://www.icon.co.za/~psheer . . . . http://rute.sourceforge.net
L I N U X . . . . . . . . . . . . The Choice of a GNU Generation
[This message was sent through the lwip discussion list.]
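
Added example, not part of Paul Sheer's message or of PaulOS: an arc4 generator keyed only by a fixed per-unit key emits the same byte stream after every power-up, so the first initial sequence number would repeat across reboots. The code below keys arc4 with the unit key plus a per-boot counter; the counter, the names first_iss, UNIT_A and UNIT_B, and the 64-byte key limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RC4 state, the same cipher random.c in the message is built on. */
struct arc4 { uint8_t s[256]; uint8_t i, j; };
static void swap8(uint8_t *x, uint8_t *y) { uint8_t t = *x; *x = *y; *y = t; }

static uint8_t arc4_byte(struct arc4 *a)
{
    a->i++;                              /* uint8_t arithmetic wraps mod 256 */
    a->j += a->s[a->i];
    swap8(&a->s[a->i], &a->s[a->j]);
    return a->s[(uint8_t)(a->s[a->i] + a->s[a->j])];
}

static void arc4_key(struct arc4 *a, const uint8_t *k, size_t len)
{
    uint8_t j = 0;
    for (int n = 0; n < 256; n++) a->s[n] = (uint8_t)n;
    for (int n = 0; n < 256; n++) {
        j += a->s[n] + k[n % len];
        swap8(&a->s[n], &a->s[j]);
    }
    a->i = a->j = 0;
    for (int n = 0; n < 2000; n++) (void)arc4_byte(a);  /* warm-up, as in the message */
}

/* First ISS after power-up; boot_count is a hypothetical counter kept in NVRAM. */
uint32_t first_iss(const uint8_t *unit_key, size_t klen, uint32_t boot_count)
{
    uint8_t k[64 + 4];
    struct arc4 a;
    uint32_t iss = 0;
    if (klen == 0 || klen > 64) return 0;               /* reject unusable keys */
    memcpy(k, unit_key, klen);
    for (int n = 0; n < 4; n++) k[klen + n] = (uint8_t)(boot_count >> (8 * n));
    arc4_key(&a, k, klen + 4);
    for (int n = 0; n < 4; n++) iss = (iss << 8) | arc4_byte(&a);
    return iss;
}

const uint8_t UNIT_A[] = "constructed-unit-key-A";     /* constructed sample keys, */
const uint8_t UNIT_B[] = "constructed-unit-key-B";     /* not real device secrets  */

int main(void)
{
    for (uint32_t b = 7; b < 10; b++)                   /* one unit, three boots */
        printf("boot %u: first ISS %08x\n", (unsigned)b, (unsigned)first_iss(UNIT_A, sizeof UNIT_A - 1, b));
}
```

Calling first_iss twice with the same key and the same counter returns the same value, which is the repeat a unit sees if nothing but the static key goes into the key schedule.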