tor/changes/feature4900
2014-02-12 12:20:29 -05:00

13 lines
644 B
Plaintext

o Minor features:
- Avoid hash-flooding denial-of-service attacks by using the secure
SipHash-2-4 hash function for our hashtables. Without this
feature, an attacker could degrade performance of a targeted
client or server by flooding their data structures with a large
number of data entries all calculated to be stored at the same
hash table position, thereby degrading hash table
performance. With this feature, hash table positions are derived
from a randomized cryptographic key using SipHash-2-4, and an
attacker cannot predict which entries will collide.
Closes ticket 4900.