Hi Ondřej,

Just because someone else does something, even a "big name", doesn't necessarily make it a good idea for us to also do it. We should be able to justify our algorithm choices on cryptographic principles, not just appeal to authority.

In a similar vein, you said something about the 32-bit timestamp being wide enough to prevent brute-force attacks. Could you say a bit more about what attacks those are that are being prevented? I'm not really seeing how the width of the timestamp comes into play for that concern, just from a quick skim of the document. (Timestamps tend to not provide much protection against brute force by themselves, since time is relatively guessable, especially to seconds precision.)

Thanks,

Ben

On Wed, Dec 02, 2020 at 11:18:29PM +0100, Ondřej Surý wrote:
> SYN cookies in both Linux and FreeBSD use siphash.
>
> * FreeBSD: https://svnweb.freebsd.org/base?view=revision&revision=253210 (since 2013)
> * Linux: https://github.com/torvalds/linux/commit/fe62d05b295bde037fa324767674540907c89362#diff-14feef60c3dbcf67539f089de04546c907233cbae09e1b2dd2c2bc6d6eae4416 (since 2017)
>
> I believe that the SYN cookies have exactly the same properties as DNS cookies.
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej@xxxxxxx
>
>> On 2. 12. 2020, at 22:15, Eric Rescorla <ekr@xxxxxxxx> wrote:
>>
>> Well, hash tables are an application with somewhat different security properties than MACs, so I don't think this is dispositive.
>>
>
> _______________________________________________
> secdir mailing list
> secdir@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
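To make the point about the timestamp concrete, here is an added worked example that is not part of the thread above and not code from the draft, the Linux or FreeBSD SYN-cookie implementations, or any of the participants. It implements SipHash-2-4 from the published reference description and then a server-cookie layout modelled on the version-1 DNS server cookie (Version | Reserved | Timestamp | 8-byte SipHash tag, keyed by a 128-bit server secret over client cookie, version, reserved, timestamp and client IP); the exact layout, the byte order of the tag and the freshness window are assumptions chosen for the example, not the draft's normative text. What the code shows is where the security properties actually come from: the timestamp travels in the clear and can be read by anyone holding the cookie, so its 32-bit width contributes nothing against forgery; forgery resistance rests on the secret key and the 64-bit tag, and the timestamp's role is to bound how long a cookie stays acceptable.

```python
import hmac
import struct

MASK64 = (1 << 64) - 1


def _rotl(x: int, b: int) -> int:
    return ((x << b) | (x >> (64 - b))) & MASK64


def _sipround(v: list) -> list:
    # One SipRound exactly as in the SipHash reference description.
    v0, v1, v2, v3 = v
    v0 = (v0 + v1) & MASK64; v1 = _rotl(v1, 13); v1 ^= v0; v0 = _rotl(v0, 32)
    v2 = (v2 + v3) & MASK64; v3 = _rotl(v3, 16); v3 ^= v2
    v0 = (v0 + v3) & MASK64; v3 = _rotl(v3, 21); v3 ^= v0
    v2 = (v2 + v1) & MASK64; v1 = _rotl(v1, 17); v1 ^= v2; v2 = _rotl(v2, 32)
    return [v0, v1, v2, v3]


def siphash24(key: bytes, msg: bytes) -> int:
    """SipHash-2-4 with a 128-bit key, returning the 64-bit tag as an int."""
    if len(key) != 16:
        raise ValueError("SipHash key must be 16 bytes")
    k0 = int.from_bytes(key[:8], "little")
    k1 = int.from_bytes(key[8:], "little")
    v = [k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D,
         k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573]
    full = len(msg) // 8
    for i in range(full):                      # compress each 8-byte word
        m = int.from_bytes(msg[8 * i:8 * i + 8], "little")
        v[3] ^= m
        v = _sipround(_sipround(v))            # c = 2 compression rounds
        v[0] ^= m
    # Final block: message length in the top byte, remaining bytes below it.
    m = ((len(msg) & 0xFF) << 56) | int.from_bytes(msg[8 * full:], "little")
    v[3] ^= m
    v = _sipround(_sipround(v))
    v[0] ^= m
    v[2] ^= 0xFF
    for _ in range(4):                         # d = 4 finalization rounds
        v = _sipround(v)
    return v[0] ^ v[1] ^ v[2] ^ v[3]


# --- Server cookie modelled on the version-1 DNS server cookie (assumed layout) ---

def server_cookie(secret: bytes, client_cookie: bytes, client_ip: bytes, timestamp: int) -> bytes:
    """Version(1) | Reserved(3) | Timestamp(4, big-endian seconds) | Tag(8)."""
    if len(client_cookie) != 8:
        raise ValueError("client cookie must be 8 bytes")
    prefix = struct.pack(">B3xI", 1, timestamp & 0xFFFFFFFF)
    # The tag covers everything the cookie binds: client cookie, prefix, client IP.
    tag = siphash24(secret, client_cookie + prefix + client_ip)
    return prefix + struct.pack("<Q", tag)     # tag byte order is an assumption


def timestamp_from_cookie(cookie: bytes) -> int:
    """The timestamp is plaintext: no secret is needed to read it."""
    return struct.unpack(">I", cookie[4:8])[0]


def verify_server_cookie(secret: bytes, client_cookie: bytes, client_ip: bytes,
                         cookie: bytes, now: int, past: int = 3600, future: int = 300) -> bool:
    """Accept only a cookie whose tag recomputes under our secret and whose
    timestamp is at most `past` seconds old or `future` seconds ahead
    (serial-number arithmetic over the 32-bit field)."""
    if len(cookie) != 16 or cookie[0] != 1:
        return False
    ts = timestamp_from_cookie(cookie)
    age = (now - ts) & 0xFFFFFFFF
    if past < age < (1 << 32) - future:
        return False                           # stale, or too far in the future
    expected = server_cookie(secret, client_cookie, client_ip, ts)
    return hmac.compare_digest(expected, cookie)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret = bytes(range(16))
    cc, ip, ts = b"\x01" * 8, bytes([192, 0, 2, 1]), 1606947509
    ck = server_cookie(secret, cc, ip, ts)
    print("cookie      :", ck.hex())
    print("timestamp   :", timestamp_from_cookie(ck), "(readable without the secret)")
    print("fresh       :", verify_server_cookie(secret, cc, ip, ck, ts + 10))
    print("stale       :", verify_server_cookie(secret, cc, ip, ck, ts + 3601))
    print("wrong secret:", verify_server_cookie(bytes(16), cc, ip, ck, ts + 10))
```

Running it shows a stale cookie rejected purely on the timestamp check and a cookie built under a different key rejected purely on the tag; knowing the timestamp (which the cookie hands over in the clear) does not help the second case at all, which is the distinction between a freshness bound and a brute-force margin.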