Updates from February, 2010 Toggle Comment Threads | Keyboard Shortcuts

  • Harshad Joshi 11:59 am on February 4, 2010 Permalink | Reply  


    drizzle drys up
    parched birds fly
    a new tree waits…

    Dedicated to the outgoing SUN CEO – Jonathan Schwartz who resigned from his post today ie 4/2/10. Good Bye SUN. Welcome Oracle.

    Posted via email from [root@localhost /root]#

  • Harshad Joshi 8:32 am on February 4, 2010 Permalink | Reply  

    Pseudo Random Number Generators 

    A Pseudo Random Number Generator (PRNG) provides applications with a stream of numbers which have certain important properties for system security:

    • It should be impossible for an outsider to predict the output of the random number generator even with knowledge of previous output.
    • The generated numbers should not have repeating patterns which means the PRNG should have a very long cycle length.

    A PRNG is normally just an algorithm where the same initial starting values will yield the same sequence of outputs. On a multiuser operating system there are many sources which allow seeding the PRNG with random data. The OpenBSD kernel uses the mouse interrupt timing, network data interrupt latency, inter-keypress timing and disk IO information to fill an entropy pool. Random numbers are available for kernel routines and are exported via devices to userland programs. So far random numbers are used in the following places:

    • Dynamic sin_port allocation in bind(2).
    • PIDs of processes.
    • IP datagram IDs.
    • RPC transaction IDs (XID).
    • NFS RPC transaction IDs (XID).
    • DNS Query-IDs.
    • Inode generation numbers, see getfh(2) and fsirand(8).
    • Timing perturbance in traceroute(8).
    • Stronger temporary names for mktemp(3) and mkstemp(3)
    • Randomness added to the TCP ISS value for protection against spoofing attacks.
    • random padding in IPsec esp_old packets.
    • To generate salts for the various password algorithms.
    • For generating fake S/Key challenges.
    • In isakmpd(8) to provide liveness proof of key exchanges.

    Posted via email from [root@localhost /root]#

Compose new post
Next post/Next comment
Previous post/Previous comment
Show/Hide comments
Go to top
Go to login
Show/Hide help
shift + esc