| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Sep 2013 08:54:24 -0700 From: Tom Herbert <therbert@...gle.com> To: David Miller <davem@...hat.com> Cc: David Laight <David.Laight@...lab.com>, Linux Netdev List <netdev@...r.kernel.org>, "Brandeburg, Jesse" <jesse.brandeburg@...el.com> Subject: Re: [PATCH 1/2] net: Toeplitz library functions On Tue, Sep 24, 2013 at 8:39 AM, David Miller <davem@...hat.com> wrote: > From: Tom Herbert <therbert@...gle.com> > Date: Tue, 24 Sep 2013 08:22:55 -0700 > >> We use this value for steering, and could use it for other uses like >> connection lookup. > > For security reasons we absolutely cannot use it for that purpose, > please stop claiming this. > > Any hash function which an attacker can reproduce is attackable. The Toeplitz function uses a secret key whose length is based on the input length. 96 bits in IPv4, 320 bits in IPv6. I don't see how an attacker can reproduce this if the key is random. If the problem is that devices are not being configured with a sufficiently random key (some actually are using a fixed key :-( ), that's a separate issue that should be addressed. It is possible to DoS attack through the steering mechanism. Tom -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists