[En-Nut-Discussion] local tcp port randomisation

Ulrich Prinz ulrich.prinz at googlemail.com
Thu Jul 5 12:28:59 CEST 2012


Hey guys,

Did anyone read my _full_ answer?
I already said that it is likely not random...

2012/7/4 Harald Kipp <harald.kipp at egnite.de>:
> Hi Bernd,
>
>  ticks = (uint16_t) NutGetMillis();

This isn't random either as it is always the same value measured from
power-on to time X, exactly as my value that is init to 0x0000 by most
platforms formatting data and bss to 0x00.

This:
>  ticks = (uint16_t) NutGetMillis();
>  if (first)
>   port = ticks;
>  else
>   port += (uint16_t) ((ticks & 0x000F) | 1);
>  port |= 0xC000;
>

and this:
> ticks = (uint16_t) NutGetMillis();
> port += ( ticks & 0x000F) | 1;
> port |= 0xC000;

has exactly the same security level while my version produces less code.

Again, if you need something random, read the CPU internal temperature
ADC value or read a reverse PN junction of a transistor via ADC. But
even that could be breached as one could apply a stable voltage to the
ADC pin overriding the noise produced by the PN.

Ulrich
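
An added example, not part of the original message or of the Nut/OS sources: it runs the shorter variant quoted above against a simulated millisecond counter to show how little varies between boots and between successive ports. The tick values are constructed, and `next_port`, `distinct_steps`, `simulate_boot` and `reboot_repeats` are hypothetical names; the `ticks` argument stands in for `(uint16_t) NutGetMillis()`.

```c
#include <stdint.h>
#include <stdio.h>

/* Shorter variant from the thread. ticks stands in for
 * (uint16_t) NutGetMillis(); port is zeroed with .bss at boot. */
static uint16_t next_port(uint16_t *port, uint16_t ticks)
{
    *port += (uint16_t)((ticks & 0x000F) | 1);
    *port |= 0xC000;
    return *port;
}

/* Number of distinct increments the expression can produce. */
static int distinct_steps(void)
{
    int seen[16] = {0}, n = 0;
    for (uint16_t t = 0; t < 16; t++) {
        int s = (t & 0x000F) | 1;
        if (!seen[s]) { seen[s] = 1; n++; }
    }
    return n;
}

/* Constructed uptimes (ms) at which four connections are opened. */
static const uint16_t boot_ticks[4] = { 1203, 1250, 4711, 9002 };

/* Simulate one boot: port starts at 0, out[] gets the chosen ports. */
static void simulate_boot(uint16_t out[4])
{
    uint16_t port = 0;
    for (int i = 0; i < 4; i++)
        out[i] = next_port(&port, boot_ticks[i]);
}

/* Returns 1 if two boots with the same timing yield the same ports. */
static int reboot_repeats(void)
{
    uint16_t a[4], b[4];
    simulate_boot(a); simulate_boot(b);
    for (int i = 0; i < 4; i++)
        if (a[i] != b[i]) return 0;
    return 1;
}

int main(void)
{
    uint16_t p[4];
    simulate_boot(p);
    for (int i = 0; i < 4; i++) printf("0x%04X\n", p[i]);
    printf("steps=%d repeat=%d\n", distinct_steps(), reboot_repeats());
}
```

The increment takes only 8 distinct odd values, so each new port carries at most 3 bits that depend on timing, and a device that boots and connects on the same schedule picks the same ports every time.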


