nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 13:06:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
a94c486102
tor/changes/ticket19769
Nick Mathewson 609065f165 DefecTor countermeasure: change server- and client-side DNS TTL clipping 
The server-side clipping now clamps to one of two values, both
for what to report, and how long to cache.

Additionally, we move some defines to dns.h, and give them better
names.
2017-01-18 08:55:57 -05:00

8 lines
416 B
Plaintext
Raw Blame History

o Major features (security):
- Change the algorithm used to decide DNS TTLs on client and server side,
to better resist DNS-based correlation attacks like the DefecTor attack
of Greschbach, Pulls, Roberts, Winter, and Feamster). Now
relays only return one of two possible DNS TTL values, and clients
are willing to believe DNS TTL values up to 3 hours long.
Closes ticket 19769.
Reference in New Issue View Git Blame Copy Permalink