[En-Nut-Discussion] local tcp port randomisation
Ulrich Prinz
ulrich.prinz at googlemail.com
Thu Jul 5 12:28:59 CEST 2012
Hey guys,
Did anyone read my _full_ answer?
I already said that it is likely not random...
2012/7/4 Harald Kipp <harald.kipp at egnite.de>:
> Hi Bernd,
>
> ticks = (uint16_t) NutGetMillis();
This isn't random either as it is always the same value measured from
power-on to time X, exactly as my value that is init to 0x0000 by most
platforms formatting data and bss to 0x00.
This:
> ticks = (uint16_t) NutGetMillis();
> if (first)
> port = ticks;
> else
> port += (uint16_t) ((ticks & 0x000F) | 1);
> port |= 0xC000;
>
end this:
> ticks = (uint16_t) NutGetMillis();
> port += ( ticks & 0x000F) | 1;
> port |= 0xC000;
has exactly the same security level while my version produces less code.
Again, if you need something random, read the CPU internal temperature
ADC value or read a reverse PN junction of a transistor via ADC. But
even that could be breached as one could apply a stable voltage to the
ADC pin overriding the noise produced by the PN.
Ulrich
More information about the En-Nut-Discussion
mailing list