Re: CONFIG_RANDOM option for 1.99.2

Theodore Y. Ts'o (tytso@mit.edu)
Wed, 15 May 1996 14:22:28 -0400


From: Martin Mares <mj@k332.feld.cvut.cz>
Date: Wed, 15 May 1996 19:40:38 +0200 (MET DST)

No, I didn't say /dev/random should be replaced by LCG, I said if someone
decides to disable /dev/random, there should be a _kernel_ function purely
for inside-kernel random number generation (for such cases as the
BOOP code).

Yes, but what if the kernel needs high-quality random numbers? Some of
the schemes which prevent the sequence-numbering attacks that allow
crackers to hijack TCP connections require good random numbers.

The best such scheme only requires high-quality randomness at the
beginning, but it requires that each TCP open make a call to a
cryptographic checksum function, which is most of what makes the random
number driver so big.

I'm actually thinking about putting this code into the random driver
(since that's where the crypto checksum routine is), and then allowing
the TCP code to call out to the routine. The basic algorithm is:

	actual_initial_sequence_counter =
		(MD5(local port, remote port, remote address,
		     high_quality_randomness_obtained_before_networking_enabled) +
		 kernel's_existing_sequence_counter);

This satisfies all of the Host Requirements RFCs, and makes it
significantly more difficult for crackers to hijack TCP
connections initiating from the Linux box.

- Ted
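
The algorithm sketched in the message above, written out as an added Python example (not code from the original email or from the Linux kernel). The byte layout of the hashed fields, the truncation of the MD5 digest to its first four bytes, the 16-byte secret size and all function names are assumptions of this example; the message only names the inputs and the addition.

```python
import hashlib
import ipaddress
import os
import struct

MASK32 = 0xFFFFFFFF

# Assumption: 16 bytes gathered once, before networking is enabled.
BOOT_SECRET = os.urandom(16)


def tuple_offset(local_port, remote_port, remote_addr, secret):
    """MD5 over the fields named in the message, truncated to 32 bits.

    The packing order and the use of the first four digest bytes are
    assumptions of this example.
    """
    addr = ipaddress.IPv4Address(remote_addr).packed
    data = struct.pack("!HH", local_port, remote_port) + addr + secret
    return struct.unpack("!I", hashlib.md5(data).digest()[:4])[0]


def initial_sequence_number(local_port, remote_port, remote_addr, counter,
                            secret=BOOT_SECRET):
    """Per-connection offset plus the existing counter, modulo 2**32."""
    offset = tuple_offset(local_port, remote_port, remote_addr, secret)
    return (offset + counter) & MASK32


def demo():
    counter = 1_000_000  # constructed stand-in for the kernel's counter
    a1 = initial_sequence_number(1025, 25, "192.0.2.10", counter)
    a2 = initial_sequence_number(1025, 25, "192.0.2.10", counter + 64000)
    b1 = initial_sequence_number(1025, 25, "198.51.100.7", counter)
    return {
        # Same connection tuple: the ISN advances exactly with the counter.
        "same_tuple_delta": (a2 - a1) & MASK32,
        # Different remote host: the gap depends on the secret, so an ISN
        # observed on one connection does not reveal the ISN of another.
        "cross_tuple_delta": (b1 - a1) & MASK32,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
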