Thread: 9 messages, 7 authors, 2005-02-03

Re: [PATCH] OpenBSD Networking-related randomization port

From: <hidden>
Date: 2005-01-31 23:31:59
Also in: lkml

could you please also react to this feedback:

  http://marc.theaimsgroup.com/?l=linux-kernel&m=110698371131630&w=2

to quote a couple of key points from that very detailed security
analysis:

" I'm not sure how the OpenBSD code is better in any way.  (Notice that
  it uses the same "half_md4_transform" as Linux; you just added another
  copy.) Is there a design note on how the design was chosen? "

Just note that, in addition to the security aspects, there are also a
whole set of multiprocessor issues.  OpenBSD added SMP support in June
2004, and it looks like this code dates back to before that.  It might
be worth looking at what OpenBSD does now.

Note that I have NOT looked at the patch other than the TCP ISN
generation.  However, given the condition of the ISN code, I am inclined
to take a "guilty until proven innocent" view of the rest of it.
Don't merge it until someone has really grokked it, not just kibitzed
about code style issues.

(The homebrew 15-bit block cipher in this code does show how much the
world needs a small block cipher for some of these applications.)