Skip to content
This repository has been archived by the owner on Apr 9, 2020. It is now read-only.

关于安全性问题 #176

Closed
Aniark opened this issue Nov 25, 2016 · 3 comments
Closed

关于安全性问题 #176

Aniark opened this issue Nov 25, 2016 · 3 comments

Comments

@Aniark
Copy link

Aniark commented Nov 25, 2016

https://github.com/breakwa11/shadowsocks-rss/issues/448

如以上链接所示,此问题是否能修复?

@Remonli
Copy link

Remonli commented Dec 7, 2016

@cyfdecyf 已经很久没有提交代码了。

@lxohi
Copy link
Contributor

lxohi commented Jan 18, 2017

这个问题无法被彻底解决,因为ss的协议就是这样的。但是可以去掉代码中对ATYP字节的&F,这样能让探测的最高枚举次数从8次变为256次,但是这个也是一个设计问题,就看维护者的想法了。
另外如果可能的话增加iv cache也不错,命中cache则抛弃,这样攻击者需要耗尽cache才能进行下一次枚举,枚举次数会极大提升。

@lixin9311
Copy link
Collaborator

Fixed in develop branch

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants