#25 Harden evdns.c even more against Dan's attack

open
nobody
None
3
2010-05-09
2008-07-15
No

Kaminsky's attack are supposed to affect recursive resolvers and caching resolvers worst, and evdns.c is neither. Nevertheless, we should do what we can, by:

1) making sure that our code double-checks replies against request properly, and

2) warning if the prng is not sent to something secure, and maybe

3) adding support for randomized source-ports

Discussion

  • Nick Mathewson

    Nick Mathewson - 2010-01-22

    For #2, we could add a secure prng to libevent. That might be a bit crazy though.

     
  • Nick Mathewson

    Nick Mathewson - 2010-05-09
    • priority: 5 --> 3
    • summary: Harden evdns.c against Dan's attack --> Harden evdns.c even more against Dan's attack
     
  • Nick Mathewson

    Nick Mathewson - 2010-05-09

    We've done all of this except for randomized source-ports. Moving to feature-requests

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks