author | Niels Provos <provos@cvs.openbsd.org> | 1999-08-26 13:37:02 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 1999-08-26 13:37:02 +0000 |
commit | c26d3d2d3a2688f716bda400cb413ea51aa98658 (patch) | |
tree | 25195dc35e2c5d91b08289989207c2ab65b3ef10 /sys | |
parent | 8a0d1090d7418f7f9d0ae904ede1b5015347068b (diff) |
add an inner xor to make prediction attacks against the ids harder, due
to an attack pointed out by David Wagner.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_id.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/netinet/ip_id.c b/sys/netinet/ip_id.c
index 54ab20fbf42..4f03a48d1a1 100644
--- a/sys/netinet/ip_id.c
+++ b/sys/netinet/ip_id.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_id.c,v 1.1 1998/12/26 12:35:12 provos Exp $ */
+/* $OpenBSD: ip_id.c,v 1.2 1999/08/26 13:37:01 provos Exp $ */
 /*
 * Copyright 1998 Niels Provos <provos@citi.umich.edu>
@@ -76,7 +76,7 @@ const static u_int16_t pfacts[PFAC_N] = {
 };
 static u_int16_t ru_x;
-static u_int16_t ru_seed;
+static u_int16_t ru_seed, ru_seed2;
 static u_int16_t ru_a, ru_b;
 static u_int16_t ru_g;
 static u_int16_t ru_counter = 0;
@@ -136,6 +136,8 @@ ip_initid(void)
 /* 15 bits of random seed */
 ru_seed = (tmp >> 16) & 0x7FFF;
+ get_random_bytes((void *) &tmp, sizeof(tmp));
+ ru_seed2 = tmp & 0x7FFF;
 get_random_bytes((void *) &tmp, sizeof(tmp));
@@ -195,5 +197,5 @@ ip_randomid(void)
 ru_counter += i;
- return (ru_seed ^ pmod(ru_g,ru_x,RU_N)) | ru_msb;
+ return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x,RU_N)) | ru_msb;
 }
|
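Review bot: The two lines added in ip_initid() after `ru_seed = (tmp >> 16) & 0x7FFF;` fall under the existing `/* 15 bits of random seed */` comment, yet they create a second, independent secret whose role is not explained anywhere in the file sections shown. I would add `/* second 15-bit seed, xored into the pmod() exponent in ip_randomid() */` directly above `ru_seed2 = tmp & 0x7FFF;`, and a matching one-line remark on the `ru_seed2` declaration in the hunk at -76. The body of ip_initid() starts and ends outside this hunk.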
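Review bot: The new exponent `ru_seed2 ^ ru_x` in the return statement of ip_randomid() may weaken the guarantee that ids do not repeat within one cycle, which presumably relies on the exponents passed to pmod() staying distinct modulo the order of `ru_g`. Xor with a fixed 15-bit value keeps the exponents distinct as integers but scatters them over the whole 0..0x7FFF range, so if that order (it follows from RU_N, which is defined outside this hunk) is smaller than 0x8000, two exponents in the same cycle could be congruent and produce the same id. Please check this against the actual bounds of RU_N and ru_x and record the reasoning in a comment next to the return. If a collision is possible, `pmod(ru_g, ru_seed2 + ru_x, RU_N)` would keep the exponents in one contiguous run, provided the sum fits the exponent type pmod() takes. The start of ip_randomid() is outside the hunk.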