inet: switch IP ID generator to siphash
According to Amit Klein and Benny Pinkas, IP ID generation is too weak and might be used by attackers. Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix()) having 64bit key and Jenkins hash is risky. It is time to switch to siphash and its 128bit keys. Signed-off-by:Eric Dumazet <edumazet@google.com> Reported-by:
Amit Klein <aksecurity@gmail.com> Reported-by:
Benny Pinkas <benny@pinkas.net> Signed-off-by:
David S. Miller <davem@davemloft.net>
Loading
-
mentioned in commit 8d9b786e
-
mentioned in commit d1d6fe98
-
mentioned in commit 4f7bd8bf
-
mentioned in commit 91460c9a
-
mentioned in commit 0c87fdd8
-
mentioned in commit 2cc34937
-
mentioned in commit d8e914e0
-
mentioned in commit 761bf973
-
mentioned in commit 262266da
-
mentioned in commit 56e48889
-
mentioned in commit aeaf285e
Please sign in to comment