freebsd-dev/sys
Mike Silbersack a432399c56 Improve the security and performance of syncookies:
Security improvements:
- Increase the size of each syncookie secret from 32 to 128 bits
  in order to make brute force attacks on the secrets much more
  difficult.
- Always return the lowest order dword from the MD5 hash; this
  allows us to expose 2 more bits of the cookie and makes ACK
  floods which seek to guess the cookie value more difficult.

Performance improvements:
- Increase the lifetime of each syncookie from 4 seconds to 16
  seconds.  This increases the usefulness of syncookies during
  an attack.
- From Yahoo!: Reduce the number of calls to MD5Update; this
  results in a ~17% increase in cookie generation time here.

Reviewed by:	hsu, jayanth, jlemon, nectar
MFC After:	15 seconds
2003-02-23 19:04:23 +00:00
alpha Move MD devices to <machine>/conf/NOTES. 2003-02-23 13:32:33 +00:00
amd64 - Added macros PDESHIFT and PTESHIFT, use these instead of magic constants 2003-02-23 09:45:50 +00:00
arm
boot Simplify page alignment. 2003-02-20 06:47:54 +00:00
cam NO_GEOM cleanup: 2003-02-21 19:00:48 +00:00
coda
compat Add M_WAITOK 2003-02-20 11:24:55 +00:00
conf NO_GEOM cleanup: 2003-02-23 18:45:50 +00:00
contrib NO_GEOM cleanup: 2003-02-22 09:32:57 +00:00
crypto
ddb
dev NO_GEOM cleanup: 2003-02-23 18:45:50 +00:00
fs Do not call smbfs_attr_cacheremove() in the EXDEV case in smbfs_rename(). 2003-02-19 11:54:35 +00:00
geom Drop down Apple Partition Map code that has been in use by some 2003-02-23 01:25:35 +00:00
gnu
i4b
i386 Move MD devices to <machine>/conf/NOTES. 2003-02-23 13:32:33 +00:00
ia64 Change the console interface to pass a "struct consdev *" instead of a 2003-02-20 20:54:45 +00:00
isa
isofs/cd9660
kern Bracket the kern.vnode sysctl in #ifdef notyet because it results 2003-02-23 18:09:05 +00:00
libkern Add an implementation of strdup() to libkern. Allocated memory is of 2003-02-23 14:30:17 +00:00
modules
net
netatalk
netatm
netgraph
netinet Improve the security and performance of syncookies: 2003-02-23 19:04:23 +00:00
netinet6 Remove unused variables in the IPSEC case. 2003-02-20 18:22:21 +00:00
netipsec o add a CRYPTO_F_CBIMM flag to symmetric ops to indicate the callback 2003-02-23 07:25:48 +00:00
netipx
netkey
netnatm
netncp
netns
netsmb
nfs
nfsclient
nfsserver Don't use mbuf allocator flags for malloc(9). 2003-02-22 10:35:37 +00:00
opencrypto o add a CRYPTO_F_CBIMM flag to symmetric ops to indicate the callback 2003-02-23 07:25:48 +00:00
pc98 Add NOTES for pc98. 2003-02-23 13:34:21 +00:00
pccard
pci Make xl use m_getcl() to allocate an mbuf and a cluster in one shot, 2003-02-22 14:46:31 +00:00
posix4
powerpc Doh. Forgot to remove _KERNEL version. 2003-02-23 13:47:44 +00:00
rpc
security
sparc64 Uncomment the xl(4) driver since it's now working properly 2003-02-20 17:08:42 +00:00
sys Add an implementation of strdup() to libkern. Allocated memory is of 2003-02-23 14:30:17 +00:00
tools
ufs This patch fixes a deadlock between the bufdaemon and a process taking 2003-02-22 00:59:34 +00:00
vm
Makefile