[En-Nut-Discussion] local tcp port randomisation
enut at cicely.de
Wed Jul 4 18:46:37 CEST 2012
On Wed, Jul 04, 2012 at 12:09:25PM +0200, Harald Kipp wrote:
> Hi all,
> On 04.07.2012 11:42, Bernd Walter wrote:
> > On Tue, Jul 03, 2012 at 10:10:44PM -0400, Nathan Moore wrote:
> >> I think that the distinction between random and undefined needs to be
> >> made. My guess is that most systems would produce very predictable values
> >> for this.
> > Undefined is that you don't know the value, but in fact undefined can
> > also always be a static value.
> > Random is defined as unpredictable and statisticaly even spread.
> > undefined completely fails on both point.
> Thank you for your comments. That's probably all valuable information, specifically for the TLS development in
> But I'd suggest to open up a new thread, because we are losing the topic of this one. Please refer to the initial question that Michel Hendriks posted in 2005 and Ole brought back to our attention.
> The comments probably do not mean "Unless we have an unpredictable random generator, we better leave the ephemeral port selection as it is and accept the failure that Michel described",
> or do they?
I oversaw the point that it originates in something else than based
on security whishes, which is the reason why people usually want
Random ports to ensure uniquesness sounds very questionable, especially
as increasing is much simpler and safer for this purpose.
And for security reasons it's snakeoil unless done with real random
I personally never saw a problem, but I'm also not doing many outgoing
connections, so this won't indicate anything.
B.Walter <bernd at bwct.de> http://www.bwct.de
Modbus/TCP Ethernet I/O Baugruppen, ARM basierte FreeBSD Rechner uvm.
More information about the En-Nut-Discussion