[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] SipHash Impact on TCP ISN skew fingerprinting



SipHash a fast PRF by DJB has been adopted upstream across the Linux networking stack landing in 4.11. It deprecates a lot of ancient and broken crypto like MD5 for initial sequence number hashes.

Its my guess that that timer values added in ISNs should now be indistinguishable from the rest of the hashed secret outlined in RFC-6528.[1] Can anyone knowledgeable in reading kernel code [2] please confirm that this kills clock skew extraction [3] and fingerprinting [4] described in Steven Murdoch's papers?

Its one of the advanced attacks we've been following for some time now and would be good to write it off.

***

[1] https://tools.ietf.org/html/rfc6528

[2] http://lkml.iu.edu/hypermail/linux/kernel/1701.1/00076.html

[3] http://sec.cs.ucl.ac.uk/users/smurdoch/papers/ih05coverttcp.pdf (pages 7-8)

[4] http://sec.cs.ucl.ac.uk/users/smurdoch/papers/ccs06hotornot.pdf
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev