[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] SipHash Impact on TCP ISN skew fingerprinting

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] SipHash Impact on TCP ISN skew fingerprinting
From: bancfc@xxxxxxxxxxxxxxx
Date: Wed, 11 Jan 2017 19:57:07 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 11 Jan 2017 14:06:35 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1484161030; bh=2ybsZscIidnYbNwCR2Xw1HVKx/NA4RGQWKaZ03wm0sQ=; h=Date:From:To:Subject:From; b=CFn6/Ah+ytEwjlvfR/U0gZjAMEerL9d35px7aHCen1VTj9IlazBzQcGXnG20cyI1u T7PBj7sCup4oVjGBfn7vSvpIgCQ/pTBDxHlMKqzs1XDH4h8JJtjErq+f3mBMI+OYeT ucRnIXqfbG2CXdYccRqzhyvZlEhEz81R2HYmZM74=
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.0.6

SipHash a fast PRF by DJB has been adopted upstream across the Linuxnetworking stack landing in 4.11. It deprecates a lot of ancient andbroken crypto like MD5 for initial sequence number hashes.

Its my guess that that timer values added in ISNs should now beindistinguishable from the rest of the hashed secret outlined inRFC-6528.[1] Can anyone knowledgeable in reading kernel code [2] pleaseconfirm that this kills clock skew extraction [3] and fingerprinting [4]described in Steven Murdoch's papers?

Its one of the advanced attacks we've been following for some time nowand would be good to write it off.


***

[1] https://tools.ietf.org/html/rfc6528

[2] http://lkml.iu.edu/hypermail/linux/kernel/1701.1/00076.html

[3] http://sec.cs.ucl.ac.uk/users/smurdoch/papers/ih05coverttcp.pdf(pages 7-8)


[4] http://sec.cs.ucl.ac.uk/users/smurdoch/papers/ccs06hotornot.pdf
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] SipHash Impact on TCP ISN skew fingerprinting
  - From: Yawning Angel

Prev by Author: Re: [tor-dev] [RFC] Proposal for the encoding of prop224 onion addresses
Next by Author: [tor-dev] git-update: transparently torified git pulls
Previous by thread: Re: [tor-dev] Remaining 4 bits in prop224 addresses
Next by thread: Re: [tor-dev] SipHash Impact on TCP ISN skew fingerprinting
Index(es):
- Author
- Thread