| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Mar 2014 16:33:55 -0400 (EDT) From: David Miller <davem@...emloft.net> To: hannes@...essinduktion.org Cc: netdev@...r.kernel.org Subject: Re: [PATCH net-next] ipv6: strengthen fallback fragmentation id generation From: Hannes Frederic Sowa <hannes@...essinduktion.org> Date: Sun, 30 Mar 2014 18:28:03 +0200 > First off, we don't need to check for non-NULL rt any more, as we are > guaranteed to always get a valid rt6_info. Drop the check. > > In case we couldn't allocate an inet_peer for fragmentation information > we currently generate strictly incrementing fragmentation ids for all > destination. This is done to maximize the cycle and avoid collisions. > > Those fragmentation ids are very predictable. At least we should try to > mix in the destination address. > > While it should make no difference to simply use a PRNG at this point, > secure_ipv6_id ensures that we don't leak information from prandom, > so its internal state could be recoverable. > > This fallback function should normally not get used thus this should > not affect performance at all. It is just meant as a safety net. > > Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org> Looks good, thanks Hannes. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists