[or-cvs] r17185: {tor} missing changelog for 0x20 hack (tor/trunk)



Author: nickm
Date: 2008-11-03 10:45:27 -0500 (Mon, 03 Nov 2008)
New Revision: 17185

Modified:
   tor/trunk/ChangeLog
Log:
missing changelog for 0x20 hack

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-11-03 07:00:56 UTC (rev 17184)
+++ tor/trunk/ChangeLog	2008-11-03 15:45:27 UTC (rev 17185)
@@ -12,6 +12,13 @@
       Suggested by Lucky Green.
     - Preserve case in replies to DNSPort requests in order to support
       the 0x20 hack for resisting DNS poisoning attacks.
+    - Implement the 0x20 hack to better resist DNS poisoning: set the
+      case on outgoing DNS requests randomly, and reject responses
+      that do not match the case correctly.  This logic can be
+      disabled with the ServerDNSRamdomizeCase setting, if you are
+      using one of the 0.3% of servers that do not reliably preserve
+      case in replies.  See "Increased DNS Forgery Resistance through
+      0x20-Bit Encoding" for more info.
 
   o Hidden service performance improvements:
     - When the client launches an introduction circuit, retry with a
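
Review bot: the option name in the added entry, "ServerDNSRamdomizeCase", reads as a misspelling of "Randomize" (an "m" in place of the "n"), and an operator who copies it from the ChangeLog into a config file would be setting an option under the wrong name. Correct it to match the spelling used in the code. The entry also says the logic "can be disabled" without giving the value to set or the default, so consider stating both, since the operators it addresses (those behind resolvers that do not preserve case) are the ones who will need to act on it. A pointer to the authors or a URL for the cited paper would let readers check the 0.3% figure.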