| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130924114853.00003935@unknown> Date: Tue, 24 Sep 2013 11:48:53 -0700 From: Jesse Brandeburg <jesse.brandeburg@...el.com> To: David Miller <davem@...hat.com> Cc: <therbert@...gle.com>, <David.Laight@...lab.com>, <netdev@...r.kernel.org> Subject: Re: [PATCH 1/2] net: Toeplitz library functions On Tue, 24 Sep 2013 14:03:12 -0400 David Miller <davem@...hat.com> wrote: ... > >> For security reasons we absolutely cannot use it for that purpose, > >> please stop claiming this. > >> > >> Any hash function which an attacker can reproduce is attackable. > > ... > > that should be addressed. It is possible to DoS attack through the > > steering mechanism. > > All of them are using a fixed, defined, key. We selected the fixed key on purpose. The existing mechanisms built into the stack for preventing the impact of DOS attacks like NAPI polling will prevent any actual damage even if someone sends lots of packets on a single flow. If someone overflows a receive queue that CPU runs until it can't keep up and then hardware drops further packets. In this case even with a randomized seed key any single flow can still be targeted at a queue, which is no different than a single queue adapter. I'm not convinced there is an actual impact in practice. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists