Date:	Tue, 20 Feb 2007 18:20:26 +0100
From:	Eric Dumazet <dada1@...mosbay.com>
To:	Evgeniy Polyakov <johnpol@....mipt.ru>
Cc:	"Michael K. Edwards" <medwards.linux@...il.com>,
	David Miller <davem@...emloft.net>, akepner@....com,
	linux@...izon.com, netdev@...r.kernel.org, bcrl@...ck.org
Subject: Re: Extensible hashing and RCU

On Tuesday 20 February 2007 17:59, Evgeniy Polyakov wrote:
> On Tue, Feb 20, 2007 at 05:38:19PM +0100, Eric Dumazet (dada1@...mosbay.com) wrote:
> > > It is secrecy, not security - attacker will check the source and find
> > > where constant per-boot value is added and recalculate attack vector -
> > > we all were college students, it would be even more fun to crack.
> > >
> > > In that regard Jenkins hash and XOR one have _exactly_ the same attack
> > > vector, only Jenkins is a bit more sophisticated. I even think that
> > > example in rt_hash_code() will end up with heavy problems when one of
> > > the addresses is constant - my tests show problem exactly in the case
> > > of jhash_2words() with random third parameter and constant one of the
> > > first like in rt_hash_code().
> >
> > Please define heavy problem.
> >
> > On most hosts, with one NIC, one IP address, most entries in cache have
> > the same address (IP address of eth0 or localhost). It just works.
> >
> > Last time I checked, the 2^21 route cache I am using was correctly
> > filled, thanks to jhash.
> >
> > Again, the random value is 32bits. If jhash happens to be cracked by your
> > students, we just put md5 or whatever in...
> >
> > You can call it secrecy or whatever, fact is: it's just working, far
> > better than XOR previous hash function.
>
> Hmm, I've just run the following test:
> 1. created 2^20 hash table.
> 2. ran in loop (100*(2^20) iterations) following hashes:
>  a. xor hash (const_ip, const_ip, random_word)

So what? To attack me you want to send 100*2^20 packets every minute?

That's nonsense... If you really can send so many packets, my pipe is full 
whatever I do of received packets. No algo will protect me, even designed by 
Einstein.

If you look again at route cache, you will see chain lengths are limited by 
elasticity factor, that is usually 8... No need to try to reach 100 entries 
in a chain.

Yes, I can destroy Russia sending 2^10 nuclear weapons on major cities. You 
really should build a bunker right now :)

Now try to build an attack with 100 packets per second... and I will try to be 
smart too.
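
Added example, not part of the message above and not kernel code: it checks whether the random word discussed in this thread actually affects which keys collide. It gathers keys that share one bucket under a first secret and measures the longest chain the same keys form under a second secret. `xor_hash` is a hypothetical XOR fold, `jhash_2words` follows the lookup2-based jhash.h of that period and should be checked against the kernel source, and the table size, secrets and address are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#define BUCKETS 1024u /* constructed table size (power of two) */
#define NKEYS   64    /* keys gathered into one bucket under the first secret */
/* lookup2-style mix of the era's jhash.h (assumption: verify against the kernel) */
#define MIX(a, b, c) do { \
    a -= b; a -= c; a ^= (c >> 13); b -= c; b -= a; b ^= (a << 8);  \
    c -= a; c -= b; c ^= (b >> 13); a -= b; a -= c; a ^= (c >> 12); \
    b -= c; b -= a; b ^= (a << 16); c -= a; c -= b; c ^= (b >> 5);  \
    a -= b; a -= c; a ^= (c >> 3);  b -= c; b -= a; b ^= (a << 10); \
    c -= a; c -= b; c ^= (b >> 15); } while (0)
static uint32_t jhash_2words(uint32_t a, uint32_t b, uint32_t initval)
{
    uint32_t c = initval;
    a += 0x9e3779b9u; b += 0x9e3779b9u;
    MIX(a, b, c);
    return c;
}

/* Hypothetical XOR-fold hash: every step is linear over XOR. */
static uint32_t xor_hash(uint32_t a, uint32_t b, uint32_t rnd)
{
    uint32_t h = a ^ b ^ rnd;
    h ^= h >> 16; h ^= h >> 8;
    return h;
}

/* Gather NKEYS keys sharing bucket 0 under secret1; return their longest chain under secret2. */
static int longest_chain_after_rekey(uint32_t (*h)(uint32_t, uint32_t, uint32_t),
                                     uint32_t secret1, uint32_t secret2)
{
    uint16_t count[BUCKETS] = {0};
    const uint32_t fixed = 0x0a000001u; /* constructed constant address */
    int found = 0, longest = 0;
    for (uint32_t k = 0; found < NKEYS; k++) {
        if (h(fixed, k, secret1) & (BUCKETS - 1)) continue; /* not in bucket 0 */
        int n = ++count[h(fixed, k, secret2) & (BUCKETS - 1)];
        if (n > longest) longest = n;
        found++;
    }
    return longest;
}

int main(void)
{
    printf("xor=%d jhash=%d\n", longest_chain_after_rekey(xor_hash, 0x1234u, 0xbeefu),
           longest_chain_after_rekey(jhash_2words, 0x1234u, 0xbeefu));
    return 0;
}
```

With the XOR fold the chain keeps all `NKEYS` entries for any pair of secrets, because the secret only relabels buckets; with the jhash form the same keys scatter once the secret changes.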
