| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 03 Dec 2010 09:32:55 +0100 From: Martin Willi <martin@...ongswan.org> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: linux-crypto@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH 3/5] xfrm: Traffic Flow Confidentiality for IPv4 ESP > What is the basis of this random length padding? Let assume a peer does not support ESPv3 padding, but we have to pad a small packet with more than 255 bytes. We can't, the ESP padding length field is limited to 255. We could add 255 fixed bytes, but an eavesdropper could just subtract the 255 bytes from all packets smaller than the boundary, rendering our TFC efforts useless. By inserting a random length padding in the range possible, the eavesdropper knows that the packet has a length between "length" and "length - 255", but can't estimated its exact size. I'm aware that this is not optimal, but probably the best we can do(?). > Also, what happens when padto exceeds the MTU? Doesn't this > effectively disable PMTU-discovery? Yes. An administrator setting a padto value larger than PMTU can currently break PMTU discovery. > I know that your last patch allows the padto to be set by PMTU. > But why would we ever want to use a padto that isn't clamped by > PMTU? Probably never, valid point. I'll add PMTU clamping to the next revision. We probably can drop the PMTU flag then and just use USHRT_MAX instead. Thanks! Martin -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists