[Bug 239724] The ping command doesn't randomize ICMP timestamps and allows system time detection

bugzilla-noreply at freebsd.org
Sat Aug 10 15:18:11 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239724

--- Comment #3 from Conrad Meyer <cem at freebsd.org> ---
So the random data in this case is being used as a one-time pad in a message to
ourself to provide privacy.  The OTP is subject to forgery.

Since we're talking to ourselves, we have other options.

We could put a MAC on it to prevent forgery.  Then we just have classic AEAD or
EtM on the payload data ("now").

Or we could just keep a local association of random tokens to send times in the
program (any map data structure), and just send the tokens and look up echo
time on response.

The latter requires some modest memory use that doesn't seem to matter in
typical ping use ("-i 1").  The former doesn't require the additional memory
use.

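The second option from the comment above (a local map from random tokens to send times), sketched as an added example; it is not code from the bug report or from FreeBSD's ping. The names `probe_send` and `probe_reply`, the 16-byte token, the 64-slot table, single-use entries and reading `/dev/urandom` are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TOKEN_LEN 16   /* random bytes carried in the echo payload (assumed size) */
#define SLOTS 64       /* outstanding probes remembered (assumed; ample for -i 1) */

struct probe { uint8_t token[TOKEN_LEN]; uint64_t sent_ns; int live; };
static struct probe table[SLOTS];
static unsigned next_slot;

/* Fill buf from the kernel CSPRNG (assumes /dev/urandom exists); 0 on success. */
static int random_bytes(uint8_t *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, n, f) : 0;
    if (f) fclose(f);
    return got == n ? 0 : -1;
}

/* Before sending: store now_ns under a fresh token; only the token goes on the wire. */
int probe_send(uint64_t now_ns, uint8_t token_out[TOKEN_LEN]) {
    struct probe *p = &table[next_slot++ % SLOTS];   /* oldest entry is overwritten */
    p->live = 0;
    if (random_bytes(p->token, TOKEN_LEN) != 0) return -1;
    p->sent_ns = now_ns;
    p->live = 1;
    memcpy(token_out, p->token, TOKEN_LEN);
    return 0;
}

/* On echo reply: 0 and the RTT if we issued this token, -1 if unknown, forged or reused. */
int probe_reply(const uint8_t token[TOKEN_LEN], uint64_t now_ns, uint64_t *rtt_ns) {
    for (size_t i = 0; i < SLOTS; i++) {
        uint8_t diff = 0;
        for (size_t j = 0; j < TOKEN_LEN; j++) diff |= table[i].token[j] ^ token[j];
        if (table[i].live && diff == 0) {
            table[i].live = 0;               /* single-use in this sketch */
            *rtt_ns = now_ns - table[i].sent_ns;
            return 0;
        }
    }
    return -1;
}

int main(void) {
    uint8_t tok[TOKEN_LEN];
    uint64_t rtt = 0;   /* constructed times below: sent at 1000000 ns, reply at 1250000 ns */
    if (probe_send(1000000, tok) != 0 || probe_reply(tok, 1250000, &rtt) != 0) return 1;
    printf("rtt = %llu ns\n", (unsigned long long)rtt);
    return 0;
}
```

Because the payload holds only the token, the reply reveals nothing about the sender's clock, and a token that was never issued finds no entry in the table.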