[tor-bugs] #16659 [Metrics/Analysis]: Linux TCP Initial Sequence Numbers may aid correlation

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 9 20:00:48 UTC 2017


#16659: Linux TCP Initial Sequence Numbers may aid correlation
------------------------------+--------------------------
 Reporter:  source            |          Owner:
     Type:  defect            |         Status:  reopened
 Priority:  Medium            |      Milestone:
Component:  Metrics/Analysis  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+--------------------------
Changes (by cypherpunks):

 * severity:   => Normal


Comment:

 SipHash: a fast short-input PRF by djb. Already used in a number of
 networking programs and kernels.

 https://131002.net/siphash/
 https://en.wikipedia.org/wiki/SipHash
 https://phoronix.com/scan.php?page=news_item&px=SipHash-PRF-V3-For-Linux

 Patch series to replace MD5/SHA1 with SipHash across the Linux network
 stack (including ISNs) already submitted:

 http://lkml.iu.edu/hypermail/linux/kernel/1701.1/00074.html
 http://lkml.iu.edu/hypermail/linux/kernel/1701.1/00076.html

 https://lkml.org/lkml/2016/12/13/596

 Other reading:

 https://chris-wood.github.io/2016/09/30/TCP-ISN-MD5.html
 https://github.com/chris-wood.github.io/blob/master/_posts/2016-9-23-TCP-Sequence-Prediction.md
 https://tools.ietf.org/html/rfc6528


 ***

 Can anyone smart confirm if these changes kill this ISN fingerprinting?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16659#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

