tor/changes/bug40391

  o Major bugfixes (security):
    - Resist a hashtable-based CPU denial-of-service attack against
      relays. Previously we used a naive unkeyed hash function to look up
      circuits in a circuitmux object. An attacker could exploit this to
      construct circuits with chosen circuit IDs in order to try to create
      collisions and make the hash table inefficient.  Now we use a SipHash
      construction for this hash table instead. Fixes bug 40391; bugfix on
      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.
      Reported by Jann Horn from Google's Project Zero.
Use a more secure hash function for the circuitmux hashtable. Fixes bug 40931; bugfix on 0.2.4.4-alpha. Also tracked as TROVE-2021-005. This issue was reported by Jann Horn from Google's Project Zero. 2021-05-18 14:40:09 +02:00			`o Major bugfixes (security):`
			`- Resist a hashtable-based CPU denial-of-service attack against`
			`relays. Previously we used a naive unkeyed hash function to look up`
			`circuits in a circuitmux object. An attacker could exploit this to`
			`construct circuits with chosen circuit IDs in order to try to create`
			`collisions and make the hash table inefficient. Now we use a SipHash`
			`construction for this hash table instead. Fixes bug 40391; bugfix on`
			`0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.`
			`Reported by Jann Horn from Google's Project Zero.`