[Swan-dev] Question on get_cookie() code

Paul Wouters paul at nohats.ca
Thu Jan 7 15:25:23 UTC 2016

On Tue, 5 Jan 2016, Paul Wouters wrote:

> Subject: [Swan-dev] Question on get_cookie() code

> I'm looking at get_cookie() which is used to generate SPI's for the IKE
> SA. The function has basically been the same since the old freeswan
> days:

>                 if (initiator) {
>                         get_rnd_bytes(cookie, length);
>                 } else {

> My question is, why is there a different process for generating the
> initiator and responder SPI? Both just need to be very random.

After talking to Hugh, it became clear and I've added comments to the

First, using a hash ensures we are not giving out pure random from our
pool, just to be extra paranoid at not leaking our internal random

Second, attackers cannot deplete our entropy pool.


More information about the Swan-dev mailing list