On Tue, 5 Jan 2016, Paul Wouters wrote:

Subject: [Swan-dev] Question on get_cookie() code

I'm looking at get_cookie() which is used to generate SPIs for the IKE
SA. The function has basically been the same since the old freeswan
days:

                if (initiator) {
                        get_rnd_bytes(cookie, length);
                } else {
                        [...]

My question is, why is there a different process for generating the
initiator and responder SPI? Both just need to be very random.

After talking to Hugh, it became clear and I've added comments to the
code.

First, using a hash ensures we are not giving out pure random from our
pool, just to be extra paranoid at not leaking our internal random
state.

Second, attackers cannot deplete our entropy pool.

Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
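The two properties Paul lists (the responder never hands out raw bytes from the random pool, and a flood of incoming requests cannot drain that pool) are easiest to see with a small model. The following is an added example, not libreswan's get_cookie() code and not the elided construction in the "[...]" branch; the message does not say what the responder actually hashes. It assumes a responder that draws one secret from the pool at start-up and then derives every SPI as HMAC-SHA256 over that secret, the initiator's SPI, both peer addresses and a monotonic counter. The `entropyPool` type, its draw counter, and the sample addresses are constructed for illustration only.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"net"
)

// spiLen is the IKEv2 header SPI size (8 octets).
const spiLen = 8

// entropyPool stands in for the system RNG behind get_rnd_bytes().
// It counts how many times the pool is asked for bytes; this counter
// is the constructed measurement that the example is about.
type entropyPool struct {
	draws int
}

func (p *entropyPool) getRndBytes(n int) []byte {
	p.draws++
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// initiatorSPI mirrors the quoted initiator branch: one fresh pool
// draw per IKE SA, handed to the peer verbatim.
func initiatorSPI(pool *entropyPool) []byte {
	return pool.getRndBytes(spiLen)
}

// responder draws a secret once and derives all later SPIs from it
// with a keyed hash (assumed construction, not libreswan's).
type responder struct {
	secret  []byte
	counter uint64
}

func newResponder(pool *entropyPool) *responder {
	return &responder{secret: pool.getRndBytes(32)}
}

// spi derives a responder SPI without touching the pool. Only HMAC
// output leaves the host, so raw pool bytes are never exposed, and
// the counter keeps two identical requests from yielding the same SPI.
func (r *responder) spi(initSPI []byte, src, dst net.IP) []byte {
	r.counter++
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], r.counter)
	mac := hmac.New(sha256.New, r.secret)
	mac.Write(initSPI)
	mac.Write(src.To16())
	mac.Write(dst.To16())
	mac.Write(ctr[:])
	return mac.Sum(nil)[:spiLen]
}

// simulate runs n IKE_SA_INIT requests from one source against one
// responder and reports pool draws on each side plus whether every
// responder SPI was distinct. Addresses are constructed sample values.
func simulate(n int) (initDraws, respDraws int, allDistinct bool) {
	initPool := &entropyPool{}
	respPool := &entropyPool{}
	r := newResponder(respPool)
	src := net.ParseIP("192.0.2.10")
	dst := net.ParseIP("198.51.100.1")
	seen := make(map[string]bool, n)
	allDistinct = true
	for i := 0; i < n; i++ {
		ispi := initiatorSPI(initPool)
		key := hex.EncodeToString(r.spi(ispi, src, dst))
		if seen[key] {
			allDistinct = false
		}
		seen[key] = true
	}
	return initPool.draws, respPool.draws, allDistinct
}

// sameInputsDiffer replays one request byte-for-byte (a flooding peer
// reusing its SPI) and checks the responder still answers with a new SPI.
func sameInputsDiffer() bool {
	r := newResponder(&entropyPool{})
	ispi := []byte{1, 2, 3, 4, 5, 6, 7, 8}
	src := net.ParseIP("192.0.2.10")
	dst := net.ParseIP("198.51.100.1")
	a := r.spi(ispi, src, dst)
	b := r.spi(ispi, src, dst)
	return !hmac.Equal(a, b)
}

func main() {
	i, r, ok := simulate(10000)
	fmt.Printf("initiator side: %d pool draws; responder side: %d pool draw(s); all responder SPIs distinct: %v\n", i, r, ok)
}
```

Running it shows the asymmetry in the message: the initiator spends one pool draw per SA it starts, while the responder spends one draw in total no matter how many unauthenticated requests arrive, and what it sends out is a keyed-hash output rather than pool state.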
