upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-28 13:24:02 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib
History
Witold Kręcicki 6cd89d5e9f Use non-cryptographically-secure PRNG to generate a nonce for cookies. 
Rationale: the nonce here is only used to make sure there is a low
probability of duplication, according to section B.2 of RFC7873.
It is only 32-bit, and even if an attacker knows the algorithm used
to generate nonces it won't, in any way, give him any platform to
attack the server as long as server secret used to sign the
(nonce, time) pair with HMAC-SHA1 is secure.

On the other hand, currently, each packet sent requires (unnecessarily)
a CS pseudo-random number which is ineffective.
2018-10-26 07:54:58 +00:00
..
bind9 Add generic message digest API (isc_md) to replace specific MD functions md5/sha1/sha256 2018-10-25 08:15:42 +02:00
dns free hkey on error 2018-10-26 17:46:15 +11:00
irs Add generic message digest API (isc_md) to replace specific MD functions md5/sha1/sha256 2018-10-25 08:15:42 +02:00
isc Check for individual OpenSSL functions instead of relying on version number 2018-10-26 06:15:51 +02:00
isccc Add generic hashed message authentication code API (isc_hmac) to replace specific HMAC functions hmacmd5/hmacsha1/hmacsha2... 2018-10-25 08:15:42 +02:00
isccfg Add generic message digest API (isc_md) to replace specific MD functions md5/sha1/sha256 2018-10-25 08:15:42 +02:00
ns Use non-cryptographically-secure PRNG to generate a nonce for cookies. 2018-10-26 07:54:58 +00:00
samples Add @OPENSSL_LIB@ to Windows project files as needed 2018-08-10 16:45:00 +02:00
win32/bindevt address win32 build issues 2018-05-22 16:32:21 -07:00
.gitignore added gitignore, removed cvsignore 2012-03-03 23:10:05 -08:00
Atffile [master] add libns and remove liblwres 2017-09-08 13:47:34 -07:00
Kyuafile regen master 2017-12-29 01:44:18 +00:00
Makefile.in remove lib/tests as nothing uses it anymore 2018-03-09 14:12:50 -08:00