From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 12 Feb 2014 17:20:29 +0000 (-0500)
Subject: Changes file for feature4900
X-Git-Tag: tor-0.2.5.3-alpha~71^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10d1b0b33ed73d9696d1695196bf397ccaab31d9;p=thirdparty%2Ftor.git

Changes file for feature4900
---

diff --git a/changes/feature4900 b/changes/feature4900
new file mode 100644
index 0000000000..378ce12ae6
--- /dev/null
+++ b/changes/feature4900
@@ -0,0 +1,12 @@
+  o Minor features:
+
+    - Avoid hash-flooding denial-of-service attacks by using the secure
+      SipHash-2-4 hash function for our hashtables.  Without this
+      feature, an attacker could degrade performance of a targeted
+      client or server by flooding their data structures with a large
+      number of data entries all calculated to be stored at the same
+      hash table position, thereby degrading hash table
+      performance. With this feature, hash table positions are derived
+      from a randomized cryptographic key using SipHash-2-4, and an
+      attacker cannot predict which entries will collide.
+      Closes ticket 4900.