lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 01 Nov 2019 14:59:23 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     edumazet@...gle.com
Cc:     netdev@...r.kernel.org, eric.dumazet@...il.com, tnagel@...gle.com
Subject: Re: [PATCH net] inet: stop leaking jiffies on the wire

From: Eric Dumazet <edumazet@...gle.com>
Date: Fri,  1 Nov 2019 10:32:19 -0700

> Historically linux tried to stick to RFC 791, 1122, 2003
> for IPv4 ID field generation.
> 
> RFC 6864 made clear that no matter how hard we try,
> we can not ensure unicity of IP ID within maximum
> lifetime for all datagrams with a given source
> address/destination address/protocol tuple.
> 
> Linux uses a per socket inet generator (inet_id), initialized
> at connection startup with a XOR of 'jiffies' and other
> fields that appear clear on the wire.
> 
> Thiemo Nagel pointed that this strategy is a privacy
> concern as this provides 16 bits of entropy to fingerprint
> devices.
> 
> Let's switch to a random starting point, this is just as
> good as far as RFC 6864 is concerned and does not leak
> anything critical.
> 
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Reported-by: Thiemo Nagel <tnagel@...gle.com>

Applied and queued up for -stable, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ