[En-Nut-Discussion] local tcp port randomisation

Ulrich Prinz ulrich.prinz at googlemail.com
Tue Jul 3 23:33:04 CEST 2012


Hi!

port += (uint16_t)NutGetMillis();
port |= 0xC000;

That saves some instructions and should be sufficient:
1) port must not be initialized as its value should be random

2) adding a value from 0..15 or adding the whole timer doesn't make a 
difference. In both cases it is possible to hit the same port if one 
figures out the right time frame.

3) port is ORed with 0xC000, resulting in a valid value according to IANA 
regardless of how uninitialized it was before.

Remark for 1) Some architectures initialize all RAM segments with 0x00 
so there is no imminent random start value.

If real random ports are needed, use the internal temperature diode, 
read its ADC and add the value to ports, or sample a reverse PN junction 
of a transistor on your ADC input.

In any case you need to track which ports are used to avoid opening an 
already in-use port a second time.

Best regards
Ulrich

On 03.07.2012 16:30, Harald Kipp wrote:
> Hi Nathan,
>
> On 03.07.2012 16:13, Nathan Moore wrote:
>> Is there any reason not to just use the negative port numbers (if you
>> interpret them as signed int so top bit = 1) as the ephemeral ports?
>> The range testing is greatly simplified.
>
> Let me resend my code fragment:
>
>   ticks = (uint16_t) NutGetMillis();
>   if (first)
>    port = ticks;
>   else
>    port += ticks & 0x000F;
>   port |= 0xC000;
>
> Where do you think that signed interpretation combined with an increased range of 32768 to 65535 could simplify the code above? Note that the IANA range of 49152 to 65535 includes all shorts with two MSBs set.
>
> Regards,
>
> Harald
>
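As an added example (not code from the thread or from Nut/OS), the two-line fragment from the post wrapped into a small allocator with the in-use tracking the post says is required. NutGetMillis() is replaced by a constructed counter so the code runs offline, and port is a zero-initialized static to model the 0x00 RAM case from remark 1.

```c
#include <stdint.h>
#include <stdbool.h>

/* Stand-in for Nut/OS NutGetMillis(): a constructed counter so the example
 * runs offline. Assumption: the real function returns the millisecond tick. */
static uint32_t fake_millis = 12345;
static uint32_t NutGetMillis(void) { fake_millis += 7; return fake_millis; }

/* IANA dynamic range 49152..65535 == every 16-bit value with both MSBs set. */
#define EPHEMERAL_BASE  0xC000u
#define EPHEMERAL_COUNT 16384u

/* One bit per ephemeral port: the in-use tracking the post asks for. */
static uint8_t in_use[EPHEMERAL_COUNT / 8];

bool port_in_use(uint16_t port) {
    uint16_t i = (uint16_t)(port - EPHEMERAL_BASE);
    return (in_use[i / 8] >> (i % 8)) & 1u;
}

static void set_in_use(uint16_t port, bool used) {
    uint16_t i = (uint16_t)(port - EPHEMERAL_BASE);
    if (used) in_use[i / 8] |= (uint8_t)(1u << (i % 8));
    else      in_use[i / 8] &= (uint8_t)~(1u << (i % 8));
}

/* Last port handed out. Deliberately uninitialized in the thread; as a
 * static it is zero-initialized here, i.e. the 0x00 RAM case. */
static uint16_t port;

uint16_t allocate_local_port(void) {
    unsigned tries;
    for (tries = 0; tries < EPHEMERAL_COUNT; tries++) {
        port += (uint16_t)NutGetMillis();  /* advance by the timer value */
        port |= 0xC000;                    /* force into 49152..65535 */
        if (!port_in_use(port)) {
            set_in_use(port, true);
            return port;
        }
        port++;  /* collision with an open socket: try the next candidate */
    }
    return 0;  /* every ephemeral port is busy */
}

void release_local_port(uint16_t p) { set_in_use(p, false); }
```

Whatever the timer adds, the OR keeps every result inside the IANA range, so the only range check needed is the collision check against open sockets.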