Bugtraq mailing list archives

Re: preventing sequence number guessing


From: tdarcos () access digex net (Paul Robinson)
Date: Sun, 29 Jan 1995 20:25:58 -0500 (EST)


On Sun, 29 Jan 1995, David A. Wagner wrote:

> > Anyone care to do a real-time test?  Generate some random strings of 
> > varying length, including some one-byte responses, until you have some 
> > large number, say, 10000 of these strings.  Randomly assign some to one 
> > side, so that maybe one side has 1000 outgoing strings and 9000 incoming, 
> > then have an MD5 checksum done in which the program generates a checksum 
> > for each line, sends it, then after, say, 10 lines, sends a message the 
> > other way.  


> I think you misunderstood my (proposed) use of MD5.
> 
> MD5 would *not* be invoked for every packet sent -- *only*
> for SYN packets, i.e. for TCP/IP connection startup.
> 
> There'd be one invocation of MD5 per new connection request
> per machine.  Furthermore, the input being hashed would only
> need to be a few bytes -- 8 or 16 is plenty.

So again, what's to keep someone from hijacking the connection again?  
Comes in, steals the packets on the wire.  Substitutes his for the real 
ones, then sends a "close connection" or "reset" back to the original 
source.  He now has an authenticated connection after it's been 
authenticated.

> I *heard* that there was one bug in the MD5 code printed in
> the RFC, but I've never tried it myself.

Someone want to check this?  If so, it needs to be reported and the RFC 
needs to be obsoleted and replaced with a new one.  Do we have anyone 
here who has the arithmetic to be able to verify this sort of thing?  I 
can puzzle some things out, but this goes way beyond my mathematical 
abilities. 
 
> There's MD5 code at ripem.msu.edu /pub/crypt/others/md5.zip
> which I'm pretty certain is good...

Might be worth running tandem verifications of some items and see that 
they both get the same results, say on a few thousand items.
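An added illustration of the scheme Wagner sketches above (one MD5 over a few bytes per SYN, beside the fixed-step clock ISN it is meant to replace); this is example code written for this archive page, not from either poster. The host secret, the 64000-per-tick clock step and the connection 4-tuple as the hashed input are assumptions, not details given in the thread.

```python
import hashlib
import struct

STEP = 64000  # ISN clock increment per tick; an assumed value, not from the thread


def _tuple_bytes(src_ip, src_port, dst_ip, dst_port):
    """Pack the connection 4-tuple into 12 bytes: the short input hashed once per SYN."""
    def ip4(ip):
        return bytes(int(octet) for octet in ip.split("."))
    return ip4(src_ip) + struct.pack(">H", src_port) + ip4(dst_ip) + struct.pack(">H", dst_port)


def naive_isn(clock_ticks):
    """Clock-driven ISN with a fixed step: one observed value reveals the generator state."""
    return (clock_ticks * STEP) & 0xFFFFFFFF


def hashed_isn(secret, src_ip, src_port, dst_ip, dst_port, clock_ticks):
    """ISN = MD5(secret || 4-tuple)[:4] + clock.

    MD5 runs once per connection request, over the host secret plus 12 bytes
    of addresses and ports. The hash term is fixed for a given 4-tuple, so
    ISNs between the same endpoints still advance with the clock, but it
    differs per 4-tuple in a way nobody without the secret can compute.
    """
    digest = hashlib.md5(secret + _tuple_bytes(src_ip, src_port, dst_ip, dst_port)).digest()
    offset = struct.unpack(">I", digest[:4])[0]
    return (offset + clock_ticks * STEP) & 0xFFFFFFFF


def extrapolate(observed_isn, ticks_elapsed):
    """The only inference available from one observed ISN: assume the clock step continues."""
    return (observed_isn + ticks_elapsed * STEP) & 0xFFFFFFFF


def extrapolation_works(secret, src_ip, src_port, dst_ip, dst_port, ticks):
    """Does an ISN seen on one connection predict the next connection from a
    neighbouring source port one tick later?  Returns (naive_hit, hashed_hit):
    True for the fixed-step scheme, False for the hashed one (barring a
    2^-32 collision of the leading digest bytes)."""
    naive_hit = extrapolate(naive_isn(ticks), 1) == naive_isn(ticks + 1)
    seen = hashed_isn(secret, src_ip, src_port, dst_ip, dst_port, ticks)
    other = hashed_isn(secret, src_ip, src_port + 1, dst_ip, dst_port, ticks + 1)
    hashed_hit = extrapolate(seen, 1) == other
    return naive_hit, hashed_hit
```

Unpredictable ISNs only raise the bar for an off-path forger; they do nothing against the on-path hijacking Robinson describes, where the attacker already sees the segments.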