+8
−341
+0
−12
include/net/secure_seq.h
0 → 100644
+20
−0
+1
−1
net/core/secure_seq.c
0 → 100644
+184
−0
Loading
Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more
Computers have become a lot faster since we compromised on the partial MD4 hash which we use currently for performance reasons. MD5 is a much safer choice, and is inline with both RFC1948 and other ISS generators (OpenBSD, Solaris, etc.) Furthermore, only having 24-bits of the sequence number be truly unpredictable is a very serious limitation. So the periodic regeneration and 8-bit counter have been removed. We compute and use a full 32-bit sequence number. For ipv6, DCCP was found to use a 32-bit truncated initial sequence number (it needs 43-bits) and that is fixed here as well. Reported-by:Dan Kaminsky <dan@doxpara.com> Tested-by:
Willy Tarreau <w@1wt.eu> Signed-off-by:
David S. Miller <davem@davemloft.net>