Bugtraq mailing list archives

Re: preventing sequence number guessing

From: proff () suburbia apana org au (Julian Assange)
Date: Sun, 29 Jan 1995 22:49:09 +1100 (EST)

~/scratch/md5 $ time ./md5drivr -t
MD5 time trial. Digesting 1000000 8-byte blocks ... done
Digest = 2278bf63bfa354c582138cde1233fd15
Time = 7 seconds
Speed = 1142857 bytes/second
6.776s real  6.680s user  0.090s system  99% ./md5drivr -t

So it takes about 7 u-seconds to MD5 hash a small block on a fairly
wimpy Sun.  [It's faster on faster boxes, of course.]


Perhaps not.  MD5 has relatively high overhead; that is, in the

      time = overhead + (perbyte * bytes)


Don't forget alsothe that above example also most likely ran entirely within the
cache on an unloaded machine. In a real-life circimstance it would be inter
spliced with both much other kernel level networking code and the user-level 
processes that are the initial/final senders/recpients of the TCP packets. The
reality is that cryptographically secure sequence numbers are not needed. There
are ample other sources for truely random variables of small enough granularity
within most kernel data spaces.

Proff

Current thread:

Re: preventing sequence number guessing der Mouse (Jan 28)
- Re: preventing sequence number guessing Julian Assange (Jan 29)
- Re: preventing sequence number guessing Paul Robinson (Jan 29)
- <Possible follow-ups>
- Re: preventing sequence number guessing Paul Robinson (Jan 29)
- Re: preventing sequence number guessing der Mouse (Jan 30)