aboutsummaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2014-02-15 15:59:10 -0500
committerNick Mathewson <nickm@torproject.org>2014-02-15 15:59:10 -0500
commit35423d397f9d4f7810e538b608ded47c33311026 (patch)
tree61acc3efaad82b92b1752568a03a296738bf03fb /changes
parentb3a69074933492080629d45b1c890606aa2bd08a (diff)
parent1ad6dd0dbee7c757ef5f2f2d38b846ab7d991fb2 (diff)
downloadtor-35423d397f9d4f7810e538b608ded47c33311026.tar
tor-35423d397f9d4f7810e538b608ded47c33311026.tar.gz
Merge branch 'bug4900_siphash_v2'
Diffstat (limited to 'changes')
-rw-r--r--changes/feature490012
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/feature4900 b/changes/feature4900
new file mode 100644
index 000000000..378ce12ae
--- /dev/null
+++ b/changes/feature4900
@@ -0,0 +1,12 @@
+ o Minor features:
+
+ - Avoid hash-flooding denial-of-service attacks by using the secure
+ SipHash-2-4 hash function for our hashtables. Without this
+ feature, an attacker could degrade performance of a targeted
+ client or server by flooding their data structures with a large
+ number of data entries all calculated to be stored at the same
+ hash table position, thereby degrading hash table
+ performance. With this feature, hash table positions are derived
+ from a randomized cryptographic key using SipHash-2-4, and an
+ attacker cannot predict which entries will collide.
+ Closes ticket 4900.