| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1273176614.2222.21.camel@edumazet-laptop> Date: Thu, 06 May 2010 22:10:14 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Neil Horman <nhorman@...driver.com> Cc: netdev@...r.kernel.org, davem@...emloft.net, kuznet@....inr.ac.ru, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net Subject: Re: [PATCH] ipv4: remove ip_rt_secret timer > Doing that doesn't solve my aim however, which is to avoid performing rt_genid > updates when no one is attacking you at all. I completely agree that we can > start the gen_id at some random value (by forcing an initial invalidation), > however. Beyond that however, if someone is managing to guess our secret value, > then we need to make our secret value more complex to determine. Perhaps given > the reduction in the number of times we need to iterate our gen_id with the > timer gone, we can use something more heavyweight to determine the the hash > secret (the cprng perhaps?). Secrets that dont change are known to be honey pots for hackers. I just dont see why we want to risk security regressions for something that proved to work well. Cache invalidation is just a genid change nowadays, and dont have side effects. Considering we do cache invalidation when routes are changed anyway, I dont get why we should avoid the invalidation once every xxx seconds... If you believe this cache invalidation has problems, maybe we should address them and not hide them ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists