The OpenBSD project has been very aggressive in its use of strong
pseudo-random data in its network code; as a policy, pseudo-random data
is used in protocol fields wherever possible, in many cases in a way not
envisioned by the protocol designers. Randomness is also used within the
network code to protect against denial of service attacks.
This presentation outlines the reasons for this approach, discusses how
and where it is implemented in OpenBSD, and provides examples of attacks
which this approach has mitigated.
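As an added illustration (not from the talk or from OpenBSD's source), the C program below contrasts a counter-style 16-bit protocol field, the way the IP identification field was traditionally filled, with a randomised one, and runs two attacker models against each: guessing the next value, and reading the traffic count a remote host leaks between two probes (the leak that idle scanning relies on). The generator names, the xorshift32 stand-in PRNG and the attacker functions are this example's own; OpenBSD's kernel draws from its arc4random-based generators, not from this PRNG.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical generators for a 16-bit protocol field such as the IP
 * identification field.  Neither is OpenBSD code: the "random" one uses a
 * xorshift32 stand-in so the example runs anywhere; OpenBSD uses its
 * kernel arc4random-based generators instead.
 */
static uint16_t seq_state;                   /* classic counter behaviour     */
static uint32_t prng_state = 0x9E3779B9u;    /* fixed seed, must be non-zero  */

static uint32_t prng32(void)
{
    uint32_t x = prng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return prng_state = x;
}

static uint16_t ipid_sequential(void) { return ++seq_state; }
static uint16_t ipid_random(void)     { return (uint16_t)prng32(); }

/*
 * Attacker model 1: guess the next field value as last+1.  Returns how many
 * of `trials` guesses were right.  A counter is predicted every time; a
 * random field is predicted roughly 1 time in 65536.
 */
static int predict_next(uint16_t (*gen)(void), int trials)
{
    int hits = 0;
    uint16_t prev = gen();
    for (int i = 0; i < trials; i++) {
        uint16_t guess = (uint16_t)(prev + 1);
        uint16_t actual = gen();
        if (actual == guess)
            hits++;
        prev = actual;
    }
    return hits;
}

/*
 * Attacker model 2: the information leak behind idle scanning and traffic
 * counting.  The attacker probes the host, the host then sends `between`
 * packets to third parties, the attacker probes again and reads off the gap.
 * With a counter the gap is exactly `between`; with random IDs it is noise.
 */
static uint16_t traffic_gap(uint16_t (*gen)(void), int between)
{
    uint16_t first = gen();
    for (int i = 0; i < between; i++)
        (void)gen();                         /* packets the attacker never sees */
    uint16_t second = gen();
    return (uint16_t)(second - first - 1);   /* wraps modulo 2^16 like the field */
}

int main(void)
{
    int seq_hits = predict_next(ipid_sequential, 1000);
    unsigned seq_gap = traffic_gap(ipid_sequential, 37);
    int rnd_hits = predict_next(ipid_random, 1000);
    unsigned rnd_gap = traffic_gap(ipid_random, 37);

    printf("sequential: %d/1000 next-ID guesses correct, gap reveals %u packets\n",
           seq_hits, seq_gap);
    printf("random:     %d/1000 next-ID guesses correct, gap reads %u (noise)\n",
           rnd_hits, rnd_gap);
    return 0;
}
```

One caveat a practitioner should keep in mind: a plain uniform draw from a 16-bit space can reuse a value much sooner than a counter would, which matters for IP fragment reassembly, so a production generator has to account for reuse within the relevant window; the stand-in above does not, and that is one of the places where "just use random data" needs real design work.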
Why this is important:
This provides real security benefits. We want people to:
- implement and turn on this behaviour by default in other OSes;
  the more systems that do this, the fewer applications will come to
  depend on the broken (predictable) behaviour.
- point out any other possible randomisations that we have missed.
speaker: Ryan McBride
location: SITE H0104