[Swan-dev] Question on get_cookie() code
Paul Wouters
paul at nohats.ca
Thu Jan 7 15:25:23 UTC 2016
On Tue, 5 Jan 2016, Paul Wouters wrote:
> Subject: [Swan-dev] Question on get_cookie() code
> I'm looking at get_cookie() which is used to generate SPIs for the IKE
> SA. The function has basically been the same since the old freeswan
> days:
>     if (initiator) {
>         get_rnd_bytes(cookie, length);
>     } else {
[...]
> My question is, why is there a different process for generating the
> initiator and responder SPI? Both just need to be very random.
After talking to Hugh, it became clear and I've added comments to the
code.
First, using a hash ensures we are not giving out pure random from our
pool, just to be extra paranoid at not leaking our internal random
state.
Second, attackers cannot deplete our entropy pool.
Paul
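The two properties Paul lists (a hash sits between the random pool and the wire, and a flood of requests does not drain the responder's randomness) can be seen in a small model of the two strategies. This is an added illustration, not code from libreswan or from the thread: the responder construction assumed here (SHA-256 over a secret drawn once at start-up, the peer address and a counter), the `CookieGenerator` class, the `rng` parameter and the byte accounting are all assumptions made for the example. The rejection of an all-zero result mirrors the fact that IKE reserves the zero SPI.

```python
"""Model of initiator vs. responder SPI/cookie generation (added example).

Assumed design (not libreswan's actual code):
  * initiator: fresh random bytes for every SPI, rejecting all-zero;
  * responder: SHA-256(secret || peer address || counter) truncated to
    the SPI length, where `secret` is drawn once at start-up.
The `rng` callable and the `rng_bytes_drawn` counter exist only so the
example can account for how much pool randomness each path consumes.
"""
import hashlib
import os
import struct

SPI_LEN = 8          # IKE SPI / ISAKMP cookie length in bytes
SECRET_LEN = 32      # one-time secret for the responder construction (assumed size)
ZERO_SPI = bytes(SPI_LEN)


class CookieGenerator:
    def __init__(self, rng=os.urandom):
        self._rng = rng
        self.rng_bytes_drawn = 0
        # The responder secret is drawn exactly once; later requests
        # never touch the pool again.
        self._secret = self._draw(SECRET_LEN)
        self._counter = 0

    def _draw(self, n):
        """Pull n bytes from the randomness source, keeping count."""
        self.rng_bytes_drawn += n
        return self._rng(n)

    def initiator_spi(self):
        """Initiator path: raw random bytes go straight onto the wire."""
        while True:
            spi = self._draw(SPI_LEN)
            if spi != ZERO_SPI:
                return spi

    def responder_spi(self, peer_addr):
        """Responder path: hash output, never raw pool output.

        Each request only advances a counter; the pool is not consulted,
        so a peer sending many requests cannot deplete it. An observer
        sees SHA-256 output, not the secret or any pool bytes.
        """
        while True:
            self._counter = (self._counter + 1) & 0xFFFFFFFF
            h = hashlib.sha256()
            h.update(self._secret)
            h.update(peer_addr.encode("ascii"))
            h.update(struct.pack("!I", self._counter))
            spi = h.digest()[:SPI_LEN]
            if spi != ZERO_SPI:
                return spi


def pool_usage(gen, requests, peer_addr="192.0.2.1"):
    """Return (bytes drawn by `requests` responder SPIs,
               bytes drawn by `requests` initiator SPIs)."""
    start = gen.rng_bytes_drawn
    responder_spis = [gen.responder_spi(peer_addr) for _ in range(requests)]
    responder_cost = gen.rng_bytes_drawn - start
    assert len(set(responder_spis)) == requests  # counter keeps them distinct
    start = gen.rng_bytes_drawn
    for _ in range(requests):
        gen.initiator_spi()
    initiator_cost = gen.rng_bytes_drawn - start
    return responder_cost, initiator_cost


if __name__ == "__main__":
    gen = CookieGenerator()
    r_cost, i_cost = pool_usage(gen, 1000)
    print(f"1000 responder SPIs drew {r_cost} pool bytes")
    print(f"1000 initiator SPIs drew {i_cost} pool bytes")
```

Running it shows the asymmetry directly: the responder path draws nothing from the pool after start-up however many requests arrive, while the initiator path draws one SPI's worth of randomness per call.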