|
|
@@ -0,0 +1,12 @@
|
|
|
+ o Minor features:
|
|
|
+
|
|
|
+ - Avoid hash-flooding denial-of-service attacks by using the secure
|
|
|
+ SipHash-2-4 hash function for our hashtables. Without this
|
|
|
+ feature, an attacker could degrade performance of a targeted
|
|
|
+ client or server by flooding their data structures with a large
|
|
|
+ number of data entries all calculated to be stored at the same
|
|
|
+ hash table position, thereby degrading hash table
|
|
|
+ performance. With this feature, hash table positions are derived
|
|
|
+ from a randomized cryptographic key using SipHash-2-4, and an
|
|
|
+ attacker cannot predict which entries will collide.
|
|
|
+ Closes ticket 4900.
|
Nick Mathewson