[MaraDNS list] Hash compression function attacks: Deadwood is immune

Sam Trenholme maradns at gmail.com
Thu Dec 29 12:16:30 EST 2011


There has been a lot of noise being made about programs being
vulnerable to denial of service attacks because attacksers can find
collisions in their hash compression function.

MaraDNS 2.0 is immune to these kinds of attack; I knew about these
attacks back in 2007 when designing Deadwood's hash compression
function, and further hardened Deadwood against them in September of
2010.  From the Deadwood man page:

    To protect Deadwood from certain possible denial-of-service
attacks, it is best if Deadwood's prime number used for hashing
elements in the cache is a random 31-bit prime number. The program
RandomPrime.c generates a random prime that is placed in the file
DwRandPrime.h that is regenerated whenever either the program is
compiled or things are cleaned up with make clean. This program uses
/dev/urandom for its entropy; the file DwRandPrime.h will not be
regenerated on systems without /dev/urandom.

    [...]

    If using a precompiled binary of Deadwood, please ensure that the
system has /dev/urandom support (on Windows system, please ensure that
the file with the name secret.txt is generated by the included
mkSecretTxt.exe program); Deadwood, at runtime, uses /dev/urandom
(secret.txt in Windows) as a hardcoded path to get entropy (along with
the timestamp) for the hash algorithm.

I haven't had a chance to see if MaraDNS 1.0's recursive code is
vulnerable to this attack; it might be and if it is, I will release a
patch.  But Deadwood users don't need to worry about this attack,
because I already was worrying about it four years ago.

- Sam


More information about the list mailing list