Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 22
1 files changed, 11 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index 8002e4e04..3968337ec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,19 @@
Changes in version 0.2.5.3-alpha - 2014-03-??
- o Major features:
+ o Major features (security, DoS-resistance):
- Also consider stream buffer sizes when calculating OOM
conditions. Rename MaxMemInCellQueues to MaxMemInQueues. Fixes
bug 10169.
+ - Avoid hash-flooding denial-of-service attacks by using the secure
+ SipHash-2-4 hash function for our hashtables. Without this
+ feature, an attacker could degrade performance of a targeted
+ client or server by flooding their data structures with a large
+ number of data entries all calculated to be stored at the same
+ hash table position, thereby degrading hash table
+ performance. With this feature, hash table positions are derived
+ from a randomized cryptographic key using SipHash-2-4, and an
+ attacker cannot predict which entries will collide.
+ Closes ticket 4900.
o Minor features:
- Bridges write the SHA1 digest of their identity key fingerprint to
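Review bot: the second sentence of the relocated SipHash entry is circular: "could degrade performance of a targeted client or server ... thereby degrading hash table performance" states the effect twice. Suggest ending that sentence at "the same hash table position", or keeping only the more specific clause. The entry also says positions are derived from "a randomized cryptographic key" without saying when that key is chosen; a short clause on the key's lifetime would help operators judge the protection. Separately, the "2014-03-??" placeholder in the version line above still needs a real date before release.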
@@ -23,16 +33,6 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
database.
- Decrease the lower limit of MaxMemInQueues to 256 MBytes, to
appease raspberry pi users. Fixes bug 9686.
- - Avoid hash-flooding denial-of-service attacks by using the secure
- SipHash-2-4 hash function for our hashtables. Without this
- feature, an attacker could degrade performance of a targeted
- client or server by flooding their data structures with a large
- number of data entries all calculated to be stored at the same
- hash table position, thereby degrading hash table
- performance. With this feature, hash table positions are derived
- from a randomized cryptographic key using SipHash-2-4, and an
- attacker cannot predict which entries will collide.
- Closes ticket 4900.
- Made PREDICTED_CIRCS_RELEVANCE_TIME configurable from config
file with a new option, PredictedPortsRelevanceTime. Implements
ticket #9176. Patch by unixninja92.
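Review bot: the entry that now follows the MaxMemInQueues item, "Made PREDICTED_CIRCS_RELEVANCE_TIME configurable ...", is inconsistent with its neighbours in two ways: it is in the past tense where the surrounding entries use the imperative ("Decrease ...", "Avoid ..."), and it writes "ticket #9176" where the others write "ticket 4900" and "bug 9686" without the "#". Since this list is being edited anyway, suggest "Make PREDICTED_CIRCS_RELEVANCE_TIME configurable ..." and "ticket 9176". The ten removed lines match the lines added under "Major features (security, DoS-resistance)" word for word, so nothing is lost in the move.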