Re: CONFIG_RANDOM option for 1.99.2
Alan Cox (alan@cymru.net)
Thu, 16 May 1996 09:40:56 +0100 (BST)
> actual_initial_sequence_counter =
> (MD5(local port, remote port, remote address,
> high_quality_randomness_obtained_before_networking_enabled) +
> kernel's_existing_sequence_counter);
>
> This satisfies all of the Host Requirements RFC's, and makes it
> significantly more difficult for crackers to perform hijack TCP
> connections initiating from the Linux box.
Is that true. You need monotonically increasing sequence space. We'd need to
make the MD5 part a small fragment of the sequence space (say 24bit) I
think ?
alan