
[lwip-users] Re: [lwip] TCP sequence number attacks


From: Paul Sheer
Subject: [lwip-users] Re: [lwip] TCP sequence number attacks
Date: Wed, 08 Jan 2003 23:37:15 -0000

> 
> The right way to solve it isn't just to do iss = random(), though. I

it is with PaulOS, because PaulOS random() is secure

> 
> How do you provide cryptographicly secure randomness by the way?

using arc4 stream of "random" bytes

arc4 initialization will, however, include a long initial
key that is unique to each manufactured unit.

---------

/* random.c - PaulOS embedded operating system
   Copyright (C) 2002  Paul Sheer

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

#include <paulos/config.h>
#include <sys/types.h>
#include <stdlib.h>
#include <assert.h>

/* RC4 ("arc4") cipher state shared by every function in this file.
   s is the 256-entry permutation table; i and j are the two stream
   indices that sbox_encrypt() advances once per output byte.
   Everything random()/rand() will ever return is determined by these
   three objects, so they are as sensitive as the key itself.
   NOTE(review): this is file-scope mutable state and no locking is
   visible in this file -- confirm callers are serialised. */
static unsigned char s[256];
static int i, j;

/* Exchange two lvalues.  The macro declares no temporary of its own:
   a variable named t must be in scope at the call site (both callers
   in this file declare `unsigned char t`).  The do { } while (0)
   wrapper makes the expansion behave as a single statement. */
#define SWAP(a, b)      \
    do {                \
        t = (a);        \
        (a) = (b);      \
        (b) = t;        \
    } while (0)

/* XOR l bytes of RC4 keystream into the buffer at k, in place.
   Advances the file-level state (s, i, j) by l steps, so successive
   calls continue the same stream.  A buffer that is all zero on entry
   therefore comes back holding the raw keystream, which is how
   random() and rand() use it.
   l must not be negative (checked by assert; with NDEBUG a negative l
   simply produces no output). */
static inline void sbox_encrypt (unsigned char *k, int l)
{
    int n;

    assert (l >= 0);
    for (n = 0; n < l; n++) {
        unsigned char held;

        i = (i + 1) % 256;
        j = (j + s[i]) % 256;

        /* swap s[i] and s[j] */
        held = s[i];
        s[i] = s[j];
        s[j] = held;

        /* The output index is (s[i] + s[j]) mod 256; the narrowing cast
           to unsigned char performs the reduction. */
        k[n] ^= s[(unsigned char) (s[i] + s[j])];
    }
}

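/* Key the cipher: reset s to the identity permutation, mix in the key
   bytes at k (RC4 key schedule), zero both stream indices, then throw
   away the first 2000 keystream bytes.

   k  key bytes; only k[0] .. k[min(l, 256) - 1] are read, because the
      schedule runs exactly 256 steps and indexes k[i % l].  Key
      material beyond 256 bytes has no effect on the state.
   l  key length in bytes; must be greater than zero.

   A NULL key or a non-positive length trips the assert in debug builds;
   with NDEBUG the call returns without touching the existing state
   (the function is void, so the caller gets no error indication). */
static inline void sbox_init (unsigned char *k, int l)
{
    unsigned char t;
    int m;

    /* k[i % l] below is a division by zero (undefined behaviour) when
       l == 0, so refuse an empty key before touching any state. */
    assert (k != NULL && l > 0);
    if (k == NULL || l <= 0)
        return;

    j = 0;
    for (i = 0; i < 256; i++)
        s[i] = (unsigned char) i;
    for (i = 0; i < 256; i++) {
        j = (j + s[i] + k[i % l]) % 256;
        SWAP (s[i], s[j]);
    }
    i = j = 0;

    /* Warm up cycle: discard the first 2000 output bytes, which are the
       ones most strongly correlated with the key.  t is only a sink here.
       NOTE(review): discarding early output does not remove RC4's
       long-run keystream biases; a ChaCha20- or AES-based generator is
       the current choice where unpredictability matters (e.g. TCP
       initial sequence numbers). */
    for (m = 0; m < 2000; m++)
        sbox_encrypt (&t, 1);
}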

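/* Return the next pseudo-random value in the range 0 .. RAND_MAX.

   sizeof (long) keystream bytes are drawn into a zeroed word and
   reduced modulo RAND_MAX + 1.  The word is unsigned so that a set top
   bit cannot make the result negative, and the modulus is formed in
   unsigned long so that RAND_MAX + 1 cannot overflow int when RAND_MAX
   equals INT_MAX.
   NOTE(review): the reduction is bias-free only if RAND_MAX + 1 is a
   power of two -- PaulOS's RAND_MAX is not visible here, confirm.
   The output is only as unpredictable as the key last installed with
   rand_init()/srand()/srandom(). */
long random (void)
{
    unsigned long r = 0;

    sbox_encrypt ((unsigned char *) &r, sizeof (r));
    return (long) (r % ((unsigned long) RAND_MAX + 1UL));
}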

/* Key the generator from l bytes at k.  This is the entry point for
   installing a long secret key; srand() and srandom() go through it
   with only sizeof (unsigned int) bytes.

   l must be positive: the key schedule in sbox_init() indexes
   k[i % l].  At most the first 256 key bytes influence the state.
   NOTE(review): nothing in this file calls rand_init() with a per-unit
   key; presumably boot code does -- confirm, since until some keying
   call is made s[] is all zero and the output is constant. */
void rand_init (unsigned char *k, int l)
{
    /* All keying work lives in sbox_init(); this is the externally
       visible name for it. */
    sbox_init (k, l);
}

/* Re-key the generator from the in-memory bytes of the seed i.

   The whole cipher state is rebuilt from these sizeof (unsigned int)
   bytes alone, so any longer key previously installed with rand_init()
   is discarded and the stream that follows is one of at most
   2^(8 * sizeof (unsigned int)) possibilities.  Code that relies on
   random() being unpredictable must make sure nothing calls srand()
   with a guessable value afterwards.
   The key bytes are taken in host byte order, so the same seed yields
   different streams on little- and big-endian targets.
   (The parameter i shadows the file-level stream index i inside this
   function; only the parameter is used here.) */
void srand (unsigned int i)
{
    unsigned char *seed_bytes = (unsigned char *) &i;

    rand_init (seed_bytes, sizeof (i));
}

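/* Return the next pseudo-random value in the range 0 .. RAND_MAX.

   sizeof (int) keystream bytes are drawn into a zeroed word and
   reduced modulo RAND_MAX + 1.  The word is unsigned so that a set top
   bit cannot make the result negative, and the modulus is formed in
   unsigned int so that RAND_MAX + 1 cannot overflow when RAND_MAX
   equals INT_MAX.
   rand() and random() consume the same keystream, so interleaved calls
   advance one shared sequence. */
int rand (void)
{
    unsigned int r = 0;

    sbox_encrypt ((unsigned char *) &r, sizeof (r));
    return (int) (r % ((unsigned int) RAND_MAX + 1U));
}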

/* Re-key the generator from the in-memory bytes of the seed i; same
   effect as srand().

   As with srand(), the state is rebuilt from sizeof (unsigned int)
   bytes only, replacing whatever key rand_init() installed earlier, so
   the stream that follows is no harder to guess than the seed.
   (The parameter i shadows the file-level stream index i inside this
   function; only the parameter is used here.) */
void srandom (unsigned int i)
{
    unsigned char *seed_bytes = (unsigned char *) &i;
    int seed_len = sizeof (i);

    rand_init (seed_bytes, seed_len);
}

--------


-paul

Paul Sheer Consulting IT Services . . Tel . . . +27 (0)21 6869634
Email . . . address@hidden . . . . . . Pager . . . 088 0057245
Linux development, cryptography, recruitment,  support,  training
http://www.icon.co.za/~psheer . . . . http://rute.sourceforge.net
L I N U X . . . . . . . . . . . .  The Choice of a GNU Generation

[This message was sent through the lwip discussion list.]



