On Tue, 25 Feb 2014 20:38:46 +0200 Maciej Fijalkowski <fijall at gmail.com> wrote: > > My impression is that a lot of discussion went into hash > randomization, because it was a high profile issue. It got "fixed", > then later someone discovered that the fix is completely broken and > was left at that without much discussion because it's no longer "high > visibility". I would really *like* to perceive this process as a lot > of discussion going into because of ramification of changes. Most of the discussion, AFAIR, was about the potential backwards compatibility issues (which led to the decision of adding hash randomization in 2.7, but disabled by default). But you're right that for some reason it suddenly became a "high profile issue" while the general attack mechanism had apparently been known for years. (and AFAIK there's no proof of actual attacks in the wild) Regards Antoine.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4