diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-02-12 12:20:29 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-02-12 12:20:29 -0500 |
| commit | 10d1b0b33ed73d9696d1695196bf397ccaab31d9 (patch) | |
| tree | 0ec0f9693b3ebedf71776111d3ea3a0ceea67503 | |
| parent | c1e98c8afe2973286f9bef28e760cbf95a2738fd (diff) | |
| download | tor-10d1b0b33ed73d9696d1695196bf397ccaab31d9.tar tor-10d1b0b33ed73d9696d1695196bf397ccaab31d9.tar.gz | |
Changes file for feature4900
| -rw-r--r-- | changes/feature4900 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/feature4900 b/changes/feature4900 new file mode 100644 index 000000000..378ce12ae --- /dev/null +++ b/changes/feature4900 @@ -0,0 +1,12 @@ + o Minor features: + + - Avoid hash-flooding denial-of-service attacks by using the secure + SipHash-2-4 hash function for our hashtables. Without this + feature, an attacker could degrade performance of a targeted + client or server by flooding their data structures with a large + number of data entries all calculated to be stored at the same + hash table position, thereby degrading hash table + performance. With this feature, hash table positions are derived + from a randomized cryptographic key using SipHash-2-4, and an + attacker cannot predict which entries will collide. + Closes ticket 4900. |