| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Jul 2011 19:40:55 +0200 From: Martin Mares <mj@....cz> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org Subject: Re: ipv4: Simplify ARP hash function. Hello! > Using Jenkins is over the top. > > If the premise is that the hash_rnd is a random unpredictable key, > then: > > key ^ dev->ifindex ^ hash_rnd > > results in an unpredictable hash result, even if an attacker > controls 'key' and 'dev->ifindex' completely. > > Therefore, if this hash result is unpredictable, then the > final fold phase of: > > (val >> 8) ^ (val >> 16) ^ (val >> 24) > > is unpredictable as well. If I understand the new hash function correctly, it should be very easy for an outside attacker to force arbitrary collisions. The hash function is linear, so it can be reduced to: a = key ^ dev->ifindex return (a >> 8) ^ (a >> 16) ^ (a >> 24) // (1) ^ (hash_rnd >> 8) ^ (hash_rnd >> 16) ^ (hash_rnd >> 24) // (2) Where (1) is under control of the attacker and while (2) is not, the only effect of (2) is a random permutation on the hash buckets. I.e., the attacker can generate arbitrarily long collision chains, although he cannot pick the bucket where the collisions happen :) Am I right? Have a nice fortnight -- Martin `MJ' Mares <mj@....cz> http://mj.ucw.cz/ Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth If going to a church makes you a Christian, does going to a garage make you a car? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists