| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20130924.140312.1944338200709799169.davem@redhat.com> Date: Tue, 24 Sep 2013 14:03:12 -0400 (EDT) From: David Miller <davem@...hat.com> To: therbert@...gle.com Cc: David.Laight@...lab.com, netdev@...r.kernel.org, jesse.brandeburg@...el.com Subject: Re: [PATCH 1/2] net: Toeplitz library functions From: Tom Herbert <therbert@...gle.com> Date: Tue, 24 Sep 2013 08:54:24 -0700 > On Tue, Sep 24, 2013 at 8:39 AM, David Miller <davem@...hat.com> wrote: >> From: Tom Herbert <therbert@...gle.com> >> Date: Tue, 24 Sep 2013 08:22:55 -0700 >> >>> We use this value for steering, and could use it for other uses like >>> connection lookup. >> >> For security reasons we absolutely cannot use it for that purpose, >> please stop claiming this. >> >> Any hash function which an attacker can reproduce is attackable. > > The Toeplitz function uses a secret key whose length is based on the > input length. 96 bits in IPv4, 320 bits in IPv6. I don't see how an > attacker can reproduce this if the key is random. If the problem is > that devices are not being configured with a sufficiently random key > (some actually are using a fixed key :-( ), that's a separate issue > that should be addressed. It is possible to DoS attack through the > steering mechanism. All of them are using a fixed, defined, key. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists