git.samba.org / sfrench / cifs-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9e9b70a) | patch
tcp: resalt the secret every 10 seconds
authorEric Dumazet <edumazet@google.com>
Mon, 2 May 2022 08:46:10 +0000 (10:46 +0200)
committerJakub Kicinski <kuba@kernel.org>
Thu, 5 May 2022 02:22:21 +0000 (19:22 -0700)
commit4dfa9b438ee34caca4e6a4e5e961641807367f6f
tree984d6cdbe8afca38457c885a6456e13bf7c87750tree
parent9e9b70ae923baf2b5e8a0ea4fd0c8451801ac526commit | diff
tcp: resalt the secret every 10 seconds

In order to limit the ability for an observer to recognize the source
ports sequence used to contact a set of destinations, we should
periodically shuffle the secret. 10 seconds looks effective enough
without causing particular issues.

Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/core/secure_seq.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.