On Wed, 11 Jan 2017 19:57:07 +0100 bancfc@openmailbox.org wrote:
Its my guess that that timer values added in ISNs should now be indistinguishable from the rest of the hashed secret outlined in RFC-6528.[1] Can anyone knowledgeable in reading kernel code [2] please confirm that this kills clock skew extraction [3] and fingerprinting [4] described in Steven Murdoch's papers?
The issue isn't the choice of the hash algorithm, and the patch doesn't change net/core/secure_seq.c:seq_scale() at all, nor how/when it's called.
So no, it doesn't fix the issue.
Regards,