Security Incidents mailing list archives
RE: CRv2 - Questions
From: "The Death" <thedeadh () netvision net il>
Date: Mon, 23 Jul 2001 17:01:35 +0200
Hello there.
IPv4 has 32 bit address space, and 2^32 == 4294967296. So there are no more than 2^32 IPs and no need to have a PRNG to output more - but the order of this 2^32 numbers plays a role. AFAIK the first version produced the same order. This is not a PRNG but a chain generator with the same output on every infected host.
You are right, i did not notice that the total number is covering the entire possible 32-bit positions (therefore, all IPs). In any case, this IS considered a PRNG, it is just that the seeding configurations (using static seeds and not random seeds) break the security, and bring it to a level of a simple, known, list. Thanx for pointing that out, anyway. Regards, The Death ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- CRv2 - Questions The Death (Jul 21)
- Re: CRv2 - Questions Nick FitzGerald (Jul 22)
- RE: CRv2 - Questions The Death (Jul 22)
- Re: CRv2 - Questions Steffen Dettmer (Jul 23)
- RE: CRv2 - Questions The Death (Jul 23)
- RE: CRv2 - Questions Jose Nazario (Jul 23)
- Re: CRv2 - Questions Ronald Tse (Jul 24)
- RE: CRv2 - Questions The Death (Jul 24)
- RE: CRv2 - Questions The Death (Jul 22)
- Re: CRv2 - Questions Nick FitzGerald (Jul 22)