On Mon, Jun 26, 2017 at 5:45 PM, Todd C. Miller
<todd.mil...@courtesan.com> wrote:
> On Mon, 26 Jun 2017 08:50:30 -0600, "Todd C. Miller" wrote:
>
>> On Sun, 25 Jun 2017 14:34:40 -0400, "Ted Unangst" wrote:
>>
>> > will this cause problems if a number repeats? we've seen problems with that
>> > before, where you get a sequence like 4, 7, 4 and then bad things happen.
>>
>> Yes, that is why it currently just increments.  A linear congruential
>> generator like we use for IP sequence numbers might work better.
>
> Replying to myself...  An LCG is probably overkill.  For IPv4
> sequence IDs we just use a shuffle.

[Sorry, repeating to the list:]

Here the only state we have is a previous generation number. We can
use it to derive another number (like we do now by incrementing it),
but any permutation of it not depending on other state (e.g. secret
key) will be predictable (I'm not really sure if unpredictability is
needed here — I've read some discussions where it was mentioned, and
it seems it is). That's why it uses new randomness, but also the
updated diff preserves and increments 8 bits of the previous
generation number to avoid repeating it too soon.

--
Dmitry Chestnykh
https://www.codingrobots.com
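The scheme described in the message above, a fresh random value combined with 8 bits carried over from the previous generation number and incremented, written out as an added illustration; this is not the diff under discussion nor OpenBSD code. It assumes a 32-bit generation number, that the carried-over 8 bits are the top byte, and that the random part comes from a caller-supplied value (a kernel would draw it from its CSPRNG):

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Derive the next generation number from the previous one.
 * Assumption (not from the thread): the counter lives in the top byte of a
 * 32-bit value; the low 24 bits are replaced by fresh randomness each time.
 * The counter byte wraps after 256 steps, so two values fewer than 256
 * derivations apart always differ, whatever the random part happens to be.
 */
uint32_t next_generation(uint32_t prev, uint32_t fresh_random)
{
    uint32_t counter = ((prev >> 24) + 1) & 0xffu;
    return (counter << 24) | (fresh_random & 0x00ffffffu);
}

/*
 * Check that n successive derivations (n <= 256) from `start` are pairwise
 * distinct when fed the given random words. Returns 1 if so, 0 otherwise.
 * Quadratic scan is fine for at most 256 values.
 */
int distinct_run(uint32_t start, const uint32_t *randoms, size_t n)
{
    uint32_t vals[256];
    uint32_t g = start;

    if (n > 256)
        return 0;
    for (size_t i = 0; i < n; i++) {
        g = next_generation(g, randoms[i]);
        for (size_t j = 0; j < i; j++)
            if (vals[j] == g)
                return 0;
        vals[i] = g;
    }
    return 1;
}

int main(void)
{
    /* Constructed worst case: the "random" source returns the same word every
     * time. A purely random scheme would repeat immediately; the counter byte
     * still keeps 256 consecutive values distinct. */
    uint32_t same[256];
    for (size_t i = 0; i < 256; i++)
        same[i] = 0x00abcdefu;

    uint32_t g = 0;
    for (int i = 0; i < 4; i++) {
        g = next_generation(g, same[i]);
        printf("gen %d: 0x%08x\n", i, g);
    }
    printf("256 derivations distinct: %d\n", distinct_run(0, same, 256));
    return 0;
}
```

The guarantee is only against repeats within 256 derivations; after the counter wraps, distinctness again depends entirely on the random bits.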