missing changelog for 0x20 hack

svn:r17185
author: Nick Mathewson <nickm@torproject.org> 2008-11-03 15:45:27 +0000
committer: Nick Mathewson <nickm@torproject.org> 2008-11-03 15:45:27 +0000
commit: 69cda761682df176c9161f4685debcf01d496345 (patch)
tree: 6cd7240ad0d8eb158cacdeb2a5bf670f7a5a3303 /ChangeLog
parent: ebe4ef12b9ae71cec50a5fced923057e5a3e5f54 (diff)
download: tor-69cda761682df176c9161f4685debcf01d496345.tar
tor-69cda761682df176c9161f4685debcf01d496345.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index b49a3d00d..4e8901f42 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,13 @@ Changes in version 0.2.1.7-alpha - 2008-11-xx
       Suggested by Lucky Green.
     - Preserve case in replies to DNSPort requests in order to support
       the 0x20 hack for resisting DNS poisoning attacks.
+    - Implement the 0x20 hack to better resist DNS poisoning: set the
+      case on outgoing DNS requests randomly, and reject responses
+      that do not match the case correctly.  This logic can be
+      disabled with the ServerDNSRamdomizeCase setting, if you are
+      using one of the 0.3% of servers that do not reliably preserve
+      case in replies.  See "Increased DNS Forgery Resistance through
+      0x20-Bit Encoding" for more info.
 
   o Hidden service performance improvements:
     - When the client launches an introduction circuit, retry with a
author	Nick Mathewson <nickm@torproject.org>	2008-11-03 15:45:27 +0000
committer	Nick Mathewson <nickm@torproject.org>	2008-11-03 15:45:27 +0000
commit	69cda761682df176c9161f4685debcf01d496345 (patch)
tree	6cd7240ad0d8eb158cacdeb2a5bf670f7a5a3303 /ChangeLog
parent	ebe4ef12b9ae71cec50a5fced923057e5a3e5f54 (diff)
download	tor-69cda761682df176c9161f4685debcf01d496345.tar tor-69cda761682df176c9161f4685debcf01d496345.tar.gz