| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jun 2012 21:50:32 +0200 From: Florian Westphal <fw@...len.de> To: David Miller <davem@...emloft.net> Cc: brouer@...hat.com, eric.dumazet@...il.com, hans.schillstrom@...csson.com, subramanian.vijay@...il.com, dave.taht@...il.com, netdev@...r.kernel.org, ncardwell@...gle.com, therbert@...gle.com, mph@...h.dk Subject: Re: [PATCH v2 net-next] tcp: avoid tx starvation by SYNACK packets David Miller <davem@...emloft.net> wrote: > From: Jesper Dangaard Brouer <brouer@...hat.com> > Date: Wed, 27 Jun 2012 08:32:13 +0200 > > > Using it as default, might be "dangerous" and open an attack vector > > on SYN cookies in Linux. > > If it's dangerous for syncookies then it's just as dangerous for > the routing hash and the socket hashes where we use it already. > Therefore, this sounds like a baseless claim to me. I doubt using jhash is safe for syncookies. There a several differences to other uses in kernel: - all hash input except u32 cookie_secret[2] is known - we transmit hash result (i.e, its visible to 3rd party) - we do not re-seed the secret, ever it should be quite easy to recompute cookie_secret[] from known syncookie values? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists