libevent - an asynchronous event library / Feature Requests / #25 Harden evdns.c even more against Dan's attack

#25 Harden evdns.c even more against Dan's attack

Status: open

Owner: nobody

Labels: None

Priority: 3

Updated: 2010-05-09

Created: 2008-07-15

Creator: Nick Mathewson

Private: No

Kaminsky's attack are supposed to affect recursive resolvers and caching resolvers worst, and evdns.c is neither. Nevertheless, we should do what we can, by:

1) making sure that our code double-checks replies against request properly, and

2) warning if the prng is not sent to something secure, and maybe

3) adding support for randomized source-ports

Discussion

Nick Mathewson - 2010-01-22

For #2, we could add a secure prng to libevent. That might be a bit crazy though.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Nick Mathewson - 2010-05-09

priority: 5 --> 3

summary: Harden evdns.c against Dan's attack --> Harden evdns.c even more against Dan's attack
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Nick Mathewson - 2010-05-09

We've done all of this except for randomized source-ports. Moving to feature-requests

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Harden evdns.c even more against Dan's attack

Group

Searches

Help

#25 Harden evdns.c even more against Dan's attack

Discussion