On Wed, Apr 30, 2008 at 09:44:42PM +0000, Brandon Enright wrote:
> So what this really gets down to is the need to stop using rand() on
> Windows. OpenSSL provides an excellent RNG so if/when OpenSSL gets
> integrated into Windows we can side-step this whole issue.
>
> The other (not mutually-exclusive) option available to us is to
> implement our own PRNG using Mersenne Twister or some other
> high-quality PRNG. This has a few advantages over what we have right
> now:
>
> * Even if OpenSSL isn't compiled in, we'll still have a good RNG source
>
> * We could implement a --seed option to generate the *same* set of IPs
> across all operating systems Nmap runs on

This seems unstable to me. The IP generator would need its own random
state to avoid being desynchronized by other things that need random
numbers, like acknowledgement numbers. Two runs could get out of sync
after the first scan group, if a different number of retransmits were
necessary, say.
Even if the IP generator has its own state, you could get different
results across versions because of different reserved IP ranges. That's
not so bad, because any IP address that became reserved would be omitted
in the newer version and replaced by a different IP at the end of the
list. But it means you couldn't count on the same seed giving you the
exact same IP addresses.

David Fifield
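The two points above (a shared random state drifting with the retransmit count, and a newer reserved list shifting the sequence) as an added illustration that is not part of this thread or of Nmap's code: a toy Python model where one seeded Mersenne Twister (Python's random.Random) either feeds both target selection and per-retransmit sequence numbers, or is dedicated to target selection. The reserved ranges are a constructed sample, not Nmap's list.

```python
import ipaddress
import random

# Constructed sample of reserved ranges; Nmap's real list is longer.
RESERVED = [ipaddress.ip_network("10.0.0.0/8"),
            ipaddress.ip_network("127.0.0.0/8")]


def is_reserved(addr, reserved):
    return any(addr in net for net in reserved)


def random_ip(rng, reserved):
    # Draw 32-bit values until one falls outside every reserved range.
    while True:
        addr = ipaddress.IPv4Address(rng.getrandbits(32))
        if not is_reserved(addr, reserved):
            return addr


def scan_shared_state(seed, retransmits, n_targets, reserved=RESERVED):
    """One PRNG feeds both target selection and sequence numbers, so the
    target list depends on how many sequence numbers were consumed."""
    rng = random.Random(seed)          # MT19937 under the hood
    targets = []
    for _ in range(n_targets):
        targets.append(random_ip(rng, reserved))
        for _ in range(retransmits):   # each retransmit burns a draw
            rng.getrandbits(32)        # stand-in for a sequence number
    return targets


def scan_separate_state(seed, retransmits, n_targets, reserved=RESERVED):
    """The target generator owns its PRNG; other consumers use a second,
    unseeded one, so retransmits cannot desynchronize the target list."""
    ip_rng = random.Random(seed)
    seq_rng = random.Random()          # unseeded, like real ack numbers
    targets = []
    for _ in range(n_targets):
        targets.append(random_ip(ip_rng, reserved))
        for _ in range(retransmits):
            seq_rng.getrandbits(32)
    return targets
```

With separate state the same seed reproduces the list regardless of retransmits, but if a later version reserves an address that the old list contained, that address is skipped and every later entry slides up one slot, with a new address appended at the end.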
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Apr 30 2008