RE: CRv2 - Questions

[Jose Nazario <jose () biocserver BIOC cwru edu>]

On Mon, 23 Jul 2001, The Death wrote:

> You are right, i did not notice that the total number is covering the
> entire possible 32-bit positions (therefore, all IPs). In any case,
> this IS considered a PRNG, it is just that the seeding configurations
> (using static seeds and not random seeds) break the security, and
> bring it to a level of a simple, known, list.

i intended to do this analysis of 'randb', the class b PRNG used in ramen
and its cousins. never got around to it, happy to see that someone else
has looked at CR's PRNG. (ie warn the networks which are most likely to
show up as targets based on the output of the PRNG.)

however, the fact that it hit *all* values of 2^32 suggests it probably,
like ramen did, screwed with the multicast networks. ie the traffic storms
were massive. any word from you mcast people on the fallout from CR?

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com