Lokacin da kuka ji kalmar "cryptography," wasu mutane suna tunawa da kalmar sirri ta WiFi, koren makullin kusa da adireshin gidan yanar gizon da suka fi so, da kuma yadda yake da wuya a shiga imel ɗin wani. Wasu suna tunawa da jerin lahani a cikin 'yan shekarun nan tare da gajarta (DROWN, FREAK, POODLE...), tambura masu salo da gargaɗi don sabunta burauzar ku cikin gaggawa.
Cryptography ya rufe shi duka, amma ainihin a wani. Batun shine akwai layi mai kyau tsakanin sauki da hadaddun. Wasu abubuwa suna da sauƙin yi, amma da wuya a haɗa su, kamar fasa kwai. Wasu abubuwa suna da sauƙin yi amma suna da wuya a dawo lokacin da ƙaramin, mahimmanci, muhimmin sashi ya ɓace: alal misali, buɗe ƙofar da aka kulle lokacin "ɓangare mai mahimmanci" shine maɓalli. Cryptography yana nazarin waɗannan yanayi da kuma yadda za a iya amfani da su a aikace.
A cikin 'yan shekarun nan, tarin hare-haren sirrin ya rikide zuwa wani gidan adana tambura masu haske, cike da ka'idoji daga takardun kimiyya, kuma ya haifar da rashin jin daɗin cewa komai ya karye. Amma a zahiri, yawancin hare-haren suna dogara ne akan wasu ƙa'idodi na gaba ɗaya, kuma shafukan ƙididdiga marasa iyaka galibi ana dafa su zuwa ra'ayoyi masu sauƙin fahimta.
A cikin wannan jerin kasidu, za mu kalli nau'ikan hare-haren sirri daban-daban, tare da mai da hankali kan ka'idoji na asali. A cikin sharuddan gabaɗaya kuma ba daidai a cikin wannan tsari ba, amma za mu rufe masu zuwa:
- Dabarun asali: Ƙarfin ƙaƙƙarfan ƙarfi, nazarin mita, interpolation, raguwa da ƙa'idodin giciye.
- Lalacewar alamar alama: KYAUTATA, LAIFI, POODLE, DOWN, Logjam.
- Babban Dabaru: hare-haren baka (harin Vodenet, harin Kelsey); Hanyar saduwa-a-tsakiyar, harin ranar haihuwa, ƙididdiga ƙididdiga (ƙididdigar cryptanalysis daban-daban, cryptanalysis na haɗin gwiwa, da sauransu).
- Hare-haren tashoshi na gefe da danginsu na kurkusa, hanyoyin binciken gazawa.
- Hare-hare kan maɓalli na jama'a: Tushen cube, watsa shirye-shirye, saƙo mai alaƙa, harin Coppersmith, Pohlig-Hellman algorithm, sieve lamba, harin Wiener, harin Bleichenbacher.
Wannan labarin musamman ya ƙunshi abubuwan da ke sama har zuwa harin Kelsey.
Dabarun asali
Hare-hare masu zuwa suna da sauƙi a ma'anar cewa ana iya kusan bayyana su gaba ɗaya ba tare da cikakkun bayanai na fasaha ba. Bari mu yi bayanin kowane nau'in hari a cikin mafi sauƙi, ba tare da shiga cikin misalan misalan ba ko manyan abubuwan amfani ba.
Wasu daga cikin waɗannan hare-haren sun zama tsoho kuma ba a yi amfani da su ba shekaru da yawa. Wasu kuma tsofaffin lokaci ne waɗanda har yanzu suna zage-zage akai-akai akan masu haɓaka tsarin crypto na 21st. Za a iya la'akari da zamanin cryptography na zamani ya fara da zuwan IBM DES, farkon sifa don jure kowane hari akan wannan jerin.
Sauƙaƙan ƙarfi mai ƙarfi
Tsarin ɓoyayyen ya ƙunshi sassa biyu: 1) aikin ɓoyewa wanda ke ɗaukar saƙo (launi) haɗe da maɓalli sannan ya samar da rufaffen saƙon—rubutun rubutu; 2) aikin ɓarnawa wanda ke ɗaukar sifar rubutu da maɓalli kuma yana samar da bayyananniyar rubutu. Duka boye-boye da yankewa dole ne su kasance masu sauƙin ƙididdigewa tare da maɓalli-kuma da wahala a gano ba tare da shi ba.
Bari mu ɗauka cewa mun ga rubutun kuma mu yi ƙoƙarin warware shi ba tare da wani ƙarin bayani ba (wannan ana kiransa hari-kawai ciphertext). Idan muka sami madaidaicin maɓalli ta hanyar sihiri, za mu iya tabbatar da cewa hakika daidai ne idan sakamakon saƙon da ya dace.
Lura cewa akwai zato guda biyu a fakaice anan. Da farko, mun san yadda ake yin decryption, wato, yadda tsarin crypto ke aiki. Wannan daidaitaccen zato ne lokacin da ake tattaunawa akan cryptography. Boye cikakkun bayanan aiwatarwa daga maharan na iya zama kamar ƙarin matakan tsaro, amma da zarar maharin ya fayyace waɗannan cikakkun bayanai, wannan ƙarin tsaro yana ɓacewa cikin nutsuwa kuma ba za a iya komawa baya ba. Haka ne : Tsarin fadawa hannun abokan gaba bai kamata ya haifar da damuwa ba.
Na biyu, muna ɗauka cewa maɓalli daidai shine kawai maɓalli wanda zai haifar da ɓarna mai ma'ana. Wannan kuma zato ne mai ma'ana; ya gamsu idan rubutun ya fi tsayi fiye da maɓalli kuma ana iya karantawa. Wannan shi ne yawanci abin da ke faruwa a duniyar gaske, sai dai ko (idan ba ku son korar mu na bayanin, da fatan za a duba Theorem 3.8 ).
Ganin abin da ke sama, dabara ta taso: duba kowane maɓalli mai yiwuwa. Wannan ana kiransa ƙarfin hali, kuma irin wannan harin yana da tabbacin yin aiki a kan duk wasu bayanan sirri - a ƙarshe. Alal misali, ƙarfin hali ya isa ya yi hack , tsohuwar sifa inda maɓalli shine harafi ɗaya na haruffa, yana nufin sama da maɓalli 20 kawai.
Abin baƙin ciki ga cryptanalysts, haɓaka girman maɓalli shine kyakkyawan tsaro da ƙarfi mai ƙarfi. Yayin da girman maɓalli ke ƙaruwa, adadin maɓallai masu yuwuwa yana ƙaruwa sosai. Tare da masu girma dabam na maɓalli na zamani, ƙaƙƙarfan ƙaƙƙarfan ƙaƙƙarfan ƙarfi gabaɗaya ba ta da amfani. Don fahimtar abin da muke nufi, bari mu ɗauki mafi sani supercomputer tun tsakiyar 2019: daga IBM, tare da kololuwar aiki na kusan ayyuka 1017 a sakan daya. A yau, tsawon maɓalli na yau da kullun shine 128 ragowa, wanda ke nufin 2128 yuwuwar haɗuwa. Don bincika duk maɓallan, babban kwamfuta na Summit zai buƙaci lokacin da ya kai kusan sau 7800 na shekarun Duniya.
Shin ya kamata a yi la'akari da karfi a matsayin abin sha'awar tarihi? Ba kwata-kwata: abu ne mai mahimmanci a cikin littafin dafa abinci na cryptanalysis. Ba kasafai suke da rauni ba ta yadda za a iya karya su ta hanyar wayo kawai, ba tare da amfani da karfi zuwa mataki ɗaya ko wani ba. Yawancin hacks masu nasara suna amfani da hanyar algorithm don raunana cipher da farko, sa'an nan kuma aiwatar da mummunan harin.
Binciken mita
Yawancin rubutu ba gibberish ba ne. Misali, a cikin rubutun Turanci akwai haruffa da yawa ‘e’ da labarin ‘the’; a cikin fayilolin binary akwai ɗimbin bytes marasa amfani a matsayin padding tsakanin yanki na bayanai. Binciken mita shine duk wani hari da ke cin gajiyar wannan gaskiyar.
Misalin canonical na cipher mai rauni ga wannan harin shine sauƙin sauya sifa. A cikin wannan maɓalli, maɓalli shine tebur wanda aka maye gurbin duk haruffa. Misali, 'g' ana maye gurbin 'h', 'o' ana maye gurbinsa da j, don haka kalmar 'go' ta zama 'hj'. Wannan sifa yana da wahala a ɓata ƙarfi saboda akwai yuwuwar allunan bincike da yawa. Idan kuna sha'awar lissafi, tsawon maɓalli mai tasiri kusan 88 rago: ke nan
. Amma nazarin mita yawanci yana samun aikin da sauri.
Yi la'akari da rubutun ciphertex mai zuwa wanda aka sarrafa tare da sauƙaƙan musanyawa:
XDYLY ALY UGLY XDWNKE WN DYAJYN ANF YALXD DGLAXWG XDAN ALY FLYAUX GR WN OGQL ZDWBGEGZDO
Tun da Y yana faruwa akai-akai, ciki har da a ƙarshen kalmomi da yawa, zamu iya ɗauka cewa wannan shine harafin e:
XDeLe ALe UGLe XDWNKE WN DeAJeN ANF eALXD DGLAXWG XDAN ALe FLeAUX GR WN OGQL ZDWBGEGZDO
Ma'aurata XD maimaita a farkon kalmomi da yawa. Musamman, haɗin XDeLe yana ba da shawarar kalmar a sarari these ko there, don haka mu ci gaba:
Le ALe UGLe thWNKE WN heAJEN ANF eALth DGLAtWG fiye da ALE FLeAUt GR WN OGQL ZDWBGEGZDO
Bari mu kara ɗauka cewa L соответствует r, A - a da sauransu. Wataƙila zai ɗauki ƴan gwaje-gwaje, amma idan aka kwatanta da cikakken harin ƙarfi, wannan harin yana maido da ainihin rubutun cikin ɗan lokaci:
akwai abubuwa da yawa a sama da ƙasa horatio fiye da yadda ake mafarkin su a falsafar ku
Ga wasu, warware irin wannan "cryptograms" abin sha'awa ne mai ban sha'awa.
Tunanin mitar bincike ya fi mahimmanci fiye da yadda ake gani a kallon farko. Kuma ya shafi abubuwan da suka fi rikitarwa. A cikin tarihi, ƙira iri-iri daban-daban sun yi ƙoƙarin magance irin wannan harin ta amfani da "masanya polyalphabetic". Anan, yayin aiwatar da ɓoyayyen, teburin musanya haruffa ana gyaggyara ta cikin hadaddun amma hanyoyin da ake iya faɗi waɗanda suka dogara da maɓalli. Duk waɗannan sifofin an yi la'akari da wahalar karya lokaci ɗaya; amma duk da haka matsakaicin mitar bincike daga ƙarshe ya cinye su duka.
Mafi girman buri na polyalphabetic a tarihi, kuma tabbas mafi shahara, shine Enigma cipher na yakin duniya na biyu. Yana da ɗan rikitarwa idan aka kwatanta da magabata, amma bayan aiki tuƙuru, masu fafutuka na Biritaniya sun fashe ta ta amfani da nazarin mita. Tabbas, ba za su iya haifar da wani kyakkyawan hari kamar wanda aka nuna a sama ba; dole ne su kwatanta sanannun nau'i-nau'i na rubutu da rubutu (abin da ake kira "hararin rubutu"), har ma da tsokanar masu amfani da Enigma don ɓoye wasu saƙonni tare da nazarin sakamakon ("zaɓaɓɓen harin da aka zaɓa"). Amma hakan bai sa makomar sojojin makiya da suka sha kashi da kuma nutsewar jiragen ruwa cikin sauki ba.
Bayan wannan nasara, binciken mita ya ɓace daga tarihin cryptanalysis. Ciphers a zamanin dijital na zamani an tsara su don yin aiki tare da bits, ba haruffa ba. Mafi mahimmanci, an ƙirƙira waɗannan sifofin tare da duhun fahimtar abin da daga baya ya zama sananne : Kowa na iya ƙirƙirar algorithm na ɓoyewa wanda su da kansu ba za su iya karya ba. Bai isa ba don tsarin ɓoyewa da alama mai wahala: don tabbatar da ƙimar sa, dole ne a yi bitar tsaro mara tausayi ta yawancin cryptanalysts waɗanda za su yi iya ƙoƙarinsu don fashe sifa.
Lissafi na farko
Bari mu ɗauki wani birni mai ƙima na Precom Heights, yawan jama'a 200. Kowane gida a cikin birni ya ƙunshi matsakaicin darajar dala 000, amma bai wuce dala 30 na kayayyaki masu daraja ba. Kasuwar tsaro a Precom masana'antun ACME ne ke da iko da su, wanda ke samar da makullin ƙofar Coyote™ na almara. A cewar ƙwararrun ƙwararrun, kulle-kulle-aji na Coyote kawai za a iya karya shi ta hanyar na'ura mai rikitarwa mai rikitarwa, wanda ƙirƙirarsa zai buƙaci kusan shekaru biyar da saka hannun jari na $ 000. Shin garin lafiya?
Mai yiwuwa a'a. A ƙarshe, mai gaskiya mai buri zai bayyana. Zai yi tunani kamar haka: “Eh, zan jawo babban farashi na gaba. Shekaru biyar na jiran haƙuri, da $ 50. Amma idan na gama, zan sami damar yin amfani da su. duk dukiyar wannan birni. Idan na buga katunana daidai, wannan jarin zai biya kansa sau da yawa.
Haka abin yake a cikin cryptography. Hare-hare a kan wani sifa na musamman yana ƙarƙashin bincike mara ƙima. Idan rabo yana da kyau, harin ba zai faru ba. Amma hare-haren da ke aiki akan yawancin wadanda abin ya shafa a lokaci guda kusan koyaushe suna biya, a cikin wannan yanayin mafi kyawun tsarin ƙira shine ɗauka cewa sun fara daga rana ɗaya. Muna da ainihin sigar sirri ta Dokar Murphy: "Duk abin da zai iya karya tsarin zai karya tsarin."
Misali mafi sauƙi na tsarin crypto wanda ke da rauni ga harin da aka riga aka yi lissafin ƙididdiga shi ne cipher marar maɓalli akai-akai. Haka lamarin ya kasance , wanda kawai ke jujjuya kowane harafi na haruffa gaba harrufa uku gaba (tebur yana madauki, don haka harafin ƙarshe a cikin haruffa yana ɓoye na uku). Anan kuma ka'idar Kerchhoffs ta zo cikin wasa: da zarar an yi kutse a tsarin, ana yin kutse har abada.
Manufar ita ce mai sauƙi. Ko da novice mai haɓaka tsarin cryptosystem zai iya gane barazanar kuma ya shirya daidai. Duban juyin halitta na cryptography, irin waɗannan hare-haren ba su dace ba ga mafi yawan masifu, tun daga farkon ingantattun nau'ikan sifa na Kaisar har zuwa raguwar sifofin polyalphabetic. Irin waɗannan hare-haren sun dawo ne kawai tare da zuwan zamanin zamani na cryptography.
Wannan dawowar ta faru ne saboda abubuwa biyu. Da fari dai, isassun hadaddun tsarin tsarin crypto a ƙarshe sun bayyana, inda yiwuwar yin amfani da su bayan hacking ba a bayyane yake ba. Na biyu, cryptography ya yaɗu sosai har miliyoyin ƴan ƙasa suka yanke shawara a kowace rana game da inda da kuma waɗanne sassa na cryptography don sake amfani da su. Ya ɗauki ɗan lokaci kafin masana su fahimci haɗarin kuma sun ɗaga ƙararrawa.
Ka tuna da harin da aka riga aka yi: a ƙarshen labarin za mu dubi misalai biyu na ainihi na ainihi inda ya taka muhimmiyar rawa.
Interpolation
Anan shine sanannen jami'in bincike Sherlock Holmes, yana yin wani harin tsaka-tsaki kan Dr. Watson mara tausayi:
Nan da nan na yi zaton ka fito daga Afghanistan... Tunanina ya kasance kamar haka: “Wannan mutumin likita ne ta nau’insa, amma yana da aikin soja. Don haka, likitan soja. Ya zo ne daga wurare masu zafi - fuskarsa ba ta da duhu, amma wannan ba ita ce inuwar fata ba, tun da wuyansa ya fi fari. Fuskar nan a ƙulle-baƙi, ya sha wahala da yawa kuma ya yi fama da rashin lafiya. An ji masa rauni a hannunsa na hagu - yana riƙe shi ba motsi da ɗan rashin ɗabi'a. A ina ne a cikin wurare masu zafi likitan sojan Ingila zai iya jure wahalhalu kuma ya sami rauni? Tabbas, a Afghanistan." Duk jirgin tunani bai ɗauki ko daƙiƙa guda ba. Don haka na ce daga Afghanistan ka fito, kuma ka yi mamaki.
Holmes zai iya fitar da bayanai kaɗan daga kowane yanki na shaida daban-daban. Ya iya kaiwa ga ƙarshe ta hanyar la'akari da su gaba ɗaya. Harin shiga tsakani yana aiki iri ɗaya ta hanyar bincika sanannen rubutu da nau'i-nau'i na maɓalli ɗaya. Daga kowane nau'i-nau'i, ana fitar da abubuwan lura guda ɗaya waɗanda ke ba da damar kammalawa gabaɗaya game da maɓallin da za a zana. Duk waɗannan ra'ayoyin ba su da fa'ida kuma suna da alama ba su da amfani har sai sun kai ga babban taro ba zato ba tsammani kuma su kai ga ƙarshe mai yiwuwa kawai: komai abin mamaki, dole ne ya zama gaskiya. Bayan wannan, ko dai maɓalli ya bayyana, ko kuma tsarin ɓoye bayanan ya zama mai ladabi da za a iya maimaita shi.
Bari mu kwatanta da sauƙi misali yadda interpolation ke aiki. Bari mu ce muna son karanta littafin tarihin maƙiyinmu, Bob. Yana rufawa kowane lamba a cikin littafin tarihinsa ta amfani da tsarin sirri mai sauƙi da ya koya game da shi daga wani talla a cikin mujallar "A Mock of Cryptography." Tsarin yana aiki kamar haka: Bob ya zaɓi lambobi biyu waɗanda yake so: и . Daga yanzu, don ɓoye kowane lamba , yana lissafta . Misali, idan Bob ya zaɓa и , sai lambar za a boye kamar yadda .
Bari mu ce a ranar 28 ga Disamba, mun lura cewa Bob yana tabo wani abu a cikin littafin tarihinsa. Idan ya gama, za mu karba a nitse mu kalli shigarwar karshe:
Kwanan wata:
235/520Dear Diary,
Yau tayi kyau. Ta hanyar
64yau ina tare da Alisa, wacce ke zaune a wani gida843. Ina tsammanin tana iya zama26!
Tun da muna da gaske game da bin Bob a kwanan wata (mu biyu ne 15 a cikin wannan yanayin), yana da mahimmanci a san kwanan wata da adireshin Alice. Abin farin ciki, mun lura cewa tsarin crypto na Bob yana da rauni ga harin interpolation. Wataƙila ba mu sani ba и , amma mun san kwanan wata, don haka muna da nau'i-nau'i-nau'i-nau'i-nau'i na bayyananne. Wato mun san haka rufaffen ciki da kuma - a cikin . Wannan shi ne abin da za mu rubuta:
Tun muna da shekaru 15, mun riga mun san game da tsarin tsarin daidaitawa guda biyu tare da abubuwan da ba a sani ba, wanda a cikin wannan yanayin ya isa ya samo. и ba tare da wata matsala ba. Kowane nau'in rubutu-ciphertext guda biyu suna sanya takura akan maɓalli na Bob, kuma ƙuntatawa biyu tare sun isa su dawo da maɓallin gaba ɗaya. A misalinmu amsar ita ce и (a , haka 26 a cikin diary yayi daidai da kalmar 'daya', wato, "daya" - kimanin. layi).
Hare-haren interpolation, ba shakka, ba'a iyakance ga irin waɗannan misalai masu sauƙi ba. Kowane tsarin tsarin crypto wanda ke ragewa zuwa wani abu na lissafi da aka fahimta da kuma jerin sigogi yana cikin haɗari na harin interpolation-mafi fahimtar abu, mafi girman haɗari.
Sabbin shiga sukan yi korafin cewa cryptography shine “fasahar tsara abubuwa don su zama mummuna gwargwadon yiwuwa.” Hare-haren ƙetare mai yiwuwa ne abin zargi. Bob na iya yin amfani da kyakkyawan ƙirar lissafi ko kuma ya kiyaye kwanansa tare da Alice na sirri - amma kash, yawanci ba za ku iya samun ta hanyoyi biyu ba. Wannan zai bayyana sarai sosai lokacin da a ƙarshe muka isa kan batun maɓalli na maɓalli na jama'a.
Tsallake yarjejeniya / rage darajar
A cikin Yanzu Kuna Gani (2013), ƙungiyar masu ruɗi sun yi ƙoƙarin yin zamba da cin hanci da rashawa magnate Arthur Tressler daga dukan dukiyarsa. Don samun damar shiga asusun bankin Arthur, masu ruɗi dole ne su ba da sunan mai amfani da kalmar wucewa ko kuma su tilasta shi ya bayyana a banki da kansa kuma ya shiga cikin tsarin.
Duk zaɓuɓɓuka biyu suna da wahala sosai; Mutanen sun saba yin wasan kwaikwayo a kan mataki, kuma ba sa shiga ayyukan sirri. Don haka sun zaɓi zaɓi na uku mai yiwuwa: abokin aikinsu ya kira banki kuma ya yi kama da Arthur. Bankin yana yin tambayoyi da yawa don tabbatar da ainihi, kamar sunan kawu da sunan dabbar farko; jaruman mu a gaba . Daga wannan gaba, ingantaccen tsaro na kalmar sirri ba shi da mahimmanci.
(A cewar wani almara na birni da da kan mu muka tantance kuma muka tabbatar da shi, wani masanin rubutun sirri Eli Beham ya taɓa saduwa da wani ma’aikacin banki wanda ya dage sai ya kafa tambayar tsaro. Sa’ad da ma’aikacin kuɗin ya nemi sunan kakarsa ta wajen uwa, Beham ya fara cewa: “Capital X, karami y, uku...").
Haka yake a cikin cryptography, idan an yi amfani da ka'idojin sirri guda biyu a layi daya don kare kadara ɗaya, kuma ɗayan ya fi sauran rauni. Tsarin da ya haifar ya zama mai rauni ga harin ƙetare, inda aka kai hari ga ƙaƙƙarfan yarjejeniya don samun kyautar ba tare da taɓa mafi ƙarfi ba.
A wasu lokuta masu rikitarwa, bai isa kawai a tuntuɓi uwar garken ta amfani da ƙa'idar rauni ba, amma yana buƙatar sa hannu na halaltaccen abokin ciniki. Ana iya shirya wannan ta amfani da abin da ake kira harin rage darajar. Don fahimtar wannan harin, bari mu ɗauka cewa masu ruɗin mu suna da aiki mai wahala fiye da na fim. Bari mu ɗauka cewa ma'aikacin banki (cashier) da Arthur sun ci karo da wasu abubuwan da ba a zata ba, wanda ya haifar da tattaunawa mai zuwa:
Dan fashi: Sannu? Wannan shine Arthur Tressler. Ina so in sake saita kalmar sirri ta.
Mai kudi: Mai girma. Da fatan za a duba littafin lambar sirrin ku, shafi na 28, kalma na 3. Duk saƙonnin da ke biyo baya za a ɓoye su ta amfani da takamaiman kalmar a matsayin maɓalli. PQJGH. LOTJNAM PGGY MXVRL ZZLQ SRIU HHNMLPPPV…
Dan fashi: Hey, hey, jira, jira. Shin wannan ya zama dole? Ba za mu iya kawai magana kamar na al'ada?
Mai kudi: Ban ba da shawarar yin wannan ba.
Dan fashi: I just... look, I have a lousy day, lafiya? Ni abokin ciniki ne na VIP kuma ba ni da sha'awar tono ta cikin waɗannan littattafan lambar wawa.
Mai kudi: Lafiya. Idan ka nace, Mr. Tressler. Me kuke so?
Dan fashi: Don Allah, Ina so in ba da duk kuɗina ga Asusun Ƙwararru na Ƙasa na Arthur Tressler.
(Dakata).
Mai kudi: Yanzu ya tabbata. Da fatan za a ba da PIN ɗin ku don manyan ma'amaloli.
Dan fashi: Na me?
Mai kudi: A buƙatarku na sirri, ma'amaloli na wannan girman suna buƙatar PIN don manyan ma'amaloli. An ba ku wannan lambar lokacin da kuka buɗe asusunku.
Dan fashi:... Na rasa shi. Shin wannan ya zama dole? Ba za ku iya amincewa da yarjejeniyar ba?
Mai kudi: A'a. Yi hakuri, Mr. Tressler. Hakanan, wannan shine matakin tsaro da kuka nema. Idan kana so, za mu iya aika sabon lambar PIN zuwa akwatin saƙonka.
Jarumanmu sun dage aikin. Suna sauraron yawancin manyan ma'amaloli na Tressler, suna fatan jin PIN; amma duk lokacin da zance ya rikide ya zama gibberish code kafin a ce wani abu mai ban sha'awa. A ƙarshe, wata rana mai kyau, an fara aiwatar da shirin. Suna jira da haƙuri don lokacin da Tressler zai yi babbar ciniki ta wayar tarho, ya hau kan layi, sannan ...
Tressler: Sannu. Ina so in kammala ciniki mai nisa, don Allah.
Mai kudi: Mai girma. Da fatan za a duba littafin lambar sirrin ku, shafi...
(Mai fashin ya danna maballin; muryar mai karbar kudi ta koma hayaniya mara fahimta).
Mai kudi: - #@$#@$#*@$$@#* za a rufaffen ɓoye tare da wannan kalmar azaman maɓalli. AAAYRR PLRQRZ MMNJK LOJBAN…
Tressler: Yi hakuri, ban fahimta sosai ba. Kuma? A wane shafi? Wace kalma?
Mai kudi: Wannan shine shafin @#$@#*$)#*#@()#@$(#@*$(#@*).
Tressler: Menene?
Mai kudi: Kalma mai lamba ashirin @$#@$#%#$.
Tressler: Da gaske! Ya isa riga! Kai da ka'idar tsaro ku ɗan wasan circus ne. Na san cewa za ku iya magana da ni kawai.
Mai kudi: Ba na ba da shawarar…
Tressler: Kuma ba na ba ku shawarar ku ɓata lokaci na ba. Bana son karin jin labarin wannan har sai kun gyara matsalolin layin wayarku. Za mu iya kammala wannan yarjejeniya ko a'a?
Mai kudi:… Iya. Lafiya. Me kuke so?
Tressler: Ina so in tura $20 zuwa hannun jari na Kasuwancin Lord, lambar asusu...
Mai kudi: Minti daya, don Allah. Babban abu ne. Da fatan za a ba da PIN ɗin ku don manyan ma'amaloli.
Tressler: Menene? Oh, daidai. 1234.
Ga harin ƙasa. Ƙa'idar da ta fi rauni "kawai yin magana kai tsaye" an hango shi azaman zaɓi a yanayin gaggawa. Kuma duk da haka muna nan.
Kuna iya mamakin wanene a cikin hankalinsu zai tsara tsarin "lafiya har sai an tambaye shi ba haka ba" kamar wanda aka kwatanta a sama. Amma kamar yadda bankin almara ke ɗaukar kasada don riƙe abokan cinikin da ba sa son cryptography, tsarin gabaɗaya yakan yi la'akari da buƙatun da ba su da sha'awa ko ma gabaɗaya ga tsaro.
Wannan shine ainihin abin da ya faru tare da ka'idar SSLv2 a cikin 1995. Gwamnatin Amurka ta dade da fara kallon bayanan sirri a matsayin makamin da ya fi dacewa da nisantar abokan gaba da na cikin gida. An ba da izinin yanki guda ɗaya don fitarwa daga Amurka, galibi tare da yanayin cewa algorithm ya raunana da gangan. Netscape, mawallafin mashahuran burauza, Netscape Navigator, an ba shi izini don SSLv2 kawai tare da maɓallin RSA 512-bit mai rauni (da 40-bit don RC4).
A ƙarshen karni, ƙa'idodin sun sassauta kuma samun damar yin ɓoyayyen ɓoyayyen zamani ya zama ko'ina. Koyaya, abokan ciniki da sabobin sun goyi bayan raunin “fitarwa” cryptography na tsawon shekaru saboda inertia iri ɗaya wanda ke kiyaye goyan bayan kowane tsarin gado. Abokan ciniki sun yi imanin cewa za su iya haɗu da uwar garken da ba ta goyan bayan wani abu ba. Sabbin sun yi haka. Tabbas, ka'idar SSL ta nuna cewa abokan ciniki da sabobin kada su taɓa amfani da ƙa'idar rauni lokacin da mafi kyawun yana samuwa. Amma wannan jigo ya shafi Tressler da bankinsa.
Wannan ka'idar ta samo hanyar zuwa manyan hare-hare guda biyu wadanda suka girgiza tsaron ka'idar SSL a cikin 2015, duka biyun da masu binciken Microsoft suka gano kuma . Na farko, an bayyana cikakkun bayanai game da harin FARKO a watan Fabrairu, bayan watanni uku da wani hari makamancin haka da ake kira Logjam, wanda za mu tattauna dalla-dalla lokacin da muka ci gaba da kai hari kan bayanan sirri na jama'a.
Varfafawa (wanda kuma aka sani da "Smack TLS") ya zo haske lokacin da masu bincike suka yi nazarin aiwatar da abokin ciniki/uwar garken TLS kuma suka gano wani kwaro mai ban sha'awa. A cikin waɗannan aiwatarwa, idan abokin ciniki bai ma nemi yin amfani da cryptography mai rauni na fitarwa ba, amma uwar garken har yanzu yana amsawa da irin waɗannan maɓallan, abokin ciniki ya ce “Oh da kyau” kuma ya canza zuwa babban ɗakin cipher mai rauni.
A lokacin, an yi la’akari da bayanan sirrin fitar da kayayyaki zuwa wani zamani kuma ba a iyakance shi ba, don haka harin ya zo a matsayin cikakken firgita kuma ya shafi yankuna masu mahimmanci da yawa, gami da White House, IRS, da shafukan NSA. Ko da mafi muni, ya bayyana cewa yawancin sabobin masu rauni suna haɓaka aiki ta hanyar sake amfani da maɓallan iri ɗaya maimakon ƙirƙirar sababbi ga kowane zama. Wannan ya ba da damar, bayan rage darajar yarjejeniya, don aiwatar da harin da aka riga aka sani: fashe maɓalli ɗaya ya kasance mai tsada sosai ($ 100 da sa'o'i 12 a lokacin bugawa), amma ƙimar da ake amfani da ita na kai hari kan haɗin ya ragu sosai. Ya isa a tsinkayi maɓallin uwar garken sau ɗaya kuma a fashe ɓoyayye don duk haɗin da ke gaba daga wannan lokacin.
Kuma kafin mu ci gaba, akwai wani ci gaba mai ci gaba wanda ya kamata a ambaci ...
Harin Oracle
wanda aka fi sani da uban giciye-dandamali na saƙon saƙon crypto siginar; amma mu da kanmu muna son ɗaya daga cikin ƙanƙantattun abubuwan ƙirƙiransa: (Ka'idodin Doom na Cryptographic). Don fayyace kadan, muna iya cewa: “Idan ka’idar ta yi kowane yana aiwatar da aikin sirri akan saƙo daga wata maɓalli mai yuwuwar qeta kuma yana nuna halaye daban-daban dangane da sakamakon, halaka ne." Ko kuma a cikin mafi kyawun tsari: "Kada ku ɗauki bayanai daga abokan gaba don sarrafawa, kuma idan dole ne ku, to, aƙalla kada ku nuna sakamakon."
Mu bar a gefe da kwararowar ruwa, alluran umarni, da makamantansu; sun fi karfin wannan tattaunawa. Cin zarafin "ka'idar halaka" yana haifar da mummunan hacks na cryptography saboda gaskiyar cewa ka'idar tana aiki daidai yadda ake sa ran.
A matsayin misali, bari mu ɗauki ƙira ta ƙagagge tare da maƙasudin maye gurbin, sannan mu nuna yiwuwar harin. Duk da yake mun riga mun ga an kai hari kan ma'ajin musanya ta amfani da nazarin mitar, ba wai kawai "wata hanyar karya sifa iri ɗaya ba ce." Sabanin haka, hare-haren baƙar fata ƙirƙira ce ta zamani da ta shafi yanayi da yawa inda binciken mita ya gaza, kuma za mu ga nunin hakan a sashe na gaba. Anan zaɓaɓɓen sifa mai sauƙi kawai don ƙara bayyana misali.
Don haka Alice da Bob suna sadarwa ta amfani da maɓalli mai sauƙi ta amfani da maɓallin da aka sani kawai gare su. Suna da tsauri sosai game da tsawon saƙon: tsayin haruffa 20 daidai ne. Don haka sun yarda cewa idan wani yana son aika gajeriyar saƙo, to ya ƙara ɗan ƙaramin rubutu a ƙarshen saƙon don ya zama haruffa 20 daidai. Bayan sun tattauna, sai suka yanke shawarar cewa kawai za su karɓi nassosi masu zuwa: a, bb, ccc, dddd Da sauransu. Don haka, an san rubutun da ba daidai ba na kowane tsayin da ake buƙata.
Lokacin da Alice ko Bob suka karɓi saƙo, suna fara bincika cewa saƙon shine daidai tsayin saƙon (haruffa 20) kuma ƙarar ita ce madaidaicin rubutu na dummy. Idan ba haka lamarin yake ba, to suna amsawa da saƙon kuskure da ya dace. Idan tsayin rubutu da rubutu mara kyau ba su da kyau, mai karɓa ya karanta saƙon da kansa kuma ya aika da rufaffen amsa.
A yayin harin, maharin ya kwaikwayi Bob kuma ya aika da sakwannin karya ga Alice. Saƙonnin ba su da ma'ana - maharin ba shi da maɓalli don haka ba zai iya ƙirƙira saƙo mai ma'ana ba. Amma tunda ƙa'idar ta keta ƙa'idar halaka, har yanzu maharin na iya kama Alice cikin bayyana mahimman bayanai, kamar yadda aka nuna a ƙasa.
Dan fashi:
PREWF ZHJKL MMMN. LAAlice: Rubutu mara inganci.
Dan fashi:
PREWF ZHJKL MMMN. LBAlice: Rubutu mara inganci.
Dan fashi:
PREWF ZHJKL MMMN. LCAlice:
ILCT? TLCT RUWO PUT KCAW CPS OWPOW!
Mai ɓarayin bai san abin da Alice ta ce kawai ba, amma ya lura cewa alamar C dole ne ya dace a, tun da Alice ta karɓi rubutun dummy.
Dan fashi:
REWF ZHJKL MMMN. LAAAlice: Rubutu mara inganci.
Dan fashi:
REWF ZHJKL MMMN. LBBAlice: Rubutu mara inganci.
Bayan an yi yunkurin...
Dan fashi:
REWF ZHJKL MMMN. LGGAlice: Rubutu mara inganci.
Dan fashi:
REWF ZHJKL MMMN. LHHAlice:
TLQO JWCRO FQAW SUY LCR C OWQXYJW. IW PWWR TU TCFA CHUYT TLQO JWFCTQUPOLQZ.
Bugu da ƙari, maharin ba shi da masaniyar abin da Alice ta ce kawai, amma ya lura cewa H dole ne ya dace da b tun da Alice ta karɓi rubutun.
Haka kuma har sai maharin ya san ma’anar kowane hali.
A kallon farko, hanyar tana kama da zaɓaɓɓun harin da aka zaɓa. A ƙarshe, maharin yana zaɓar rubutun, kuma uwar garken yana aiwatar da su cikin biyayya. Babban bambancin da ke sa waɗannan hare-haren su yi tasiri a cikin ainihin duniya shine cewa maharin baya buƙatar samun damar yin amfani da ainihin kwafin-amsar uwar garken, ko da wanda ba shi da lahani kamar "Rubutun dummy mara inganci," ya isa.
Yayin da wannan harin na musamman yana da koyarwa, kar a rataya kan takamaiman makircin "rummy text", ƙayyadaddun tsarin crypto da aka yi amfani da shi, ko ainihin jerin saƙonnin da maharin ya aika. Babban ra'ayin shine yadda Alice ke amsawa daban-daban dangane da kaddarorin rubutun, kuma yana yin hakan ba tare da tabbatar da cewa ainihin rubutun da ya dace ya fito daga amintacciyar ƙungiya ba. Don haka, Alice ta ƙyale maharin ya matse bayanan sirri daga cikin amsoshinta.
Akwai abubuwa da yawa da za a iya canzawa a cikin wannan yanayin. Alamomin da Alice ke amsawa, ko kuma bambancin halayenta, ko ma tsarin crypto da aka yi amfani da su. Amma ka'idar za ta kasance iri ɗaya, kuma harin gaba ɗaya zai kasance mai yiwuwa ta wata hanya ko wata. Asalin aiwatar da wannan harin ya taimaka wajen gano kurakuran tsaro da yawa, waɗanda za mu duba nan ba da jimawa ba; amma da farko akwai wasu darussa na ka'idar da za a koya. Yadda za a yi amfani da wannan ƙagaggen "rubutun Alice" a cikin harin da zai iya aiki a kan ainihin maƙasudin zamani? Shin hakan ma zai yiwu, ko da a ka'idar?
A cikin 1998, ɗan littafin cryptographer na Switzerland Daniel Bleichenbacher ya amsa wannan tambayar da gaske. Ya nuna harin baƙar fata a kan tsarin jama'a na cryptosystem RSA da ake amfani da shi sosai, ta amfani da takamaiman tsarin saƙo. A wasu aiwatarwa na RSA, uwar garken yana amsawa da saƙon kuskure daban-daban dangane da ko rubutun ya yi daidai da tsarin ko a'a; wannan ya isa kai harin.
Shekaru hudu bayan haka, a shekara ta 2002, Serge Vaudenay mawallafin rubutun kalmomi na Faransa ya nuna harin bakaken maganganu kusan iri daya da wanda aka kwatanta a cikin labarin Alice da ke sama - sai dai maimakon tatsuniyar tatsuniyoyi, sai ya karya dukkan wani nau'i mai daraja na tarihin zamani wanda a zahiri ake amfani da mutane. Musamman, harin Vaudenay yana kaiwa ga ƙayyadaddun sifofi masu girman shigar da bayanai ("block ciphers") lokacin da ake amfani da su a cikin abin da ake kira "Yanayin ɓoyayyen CBC" kuma tare da wani sanannen tsarin padding, daidai yake da wanda ke cikin yanayin Alice.
Har ila yau, a cikin 2002, ɗan littafin cryptographer na Amurka John Kelsey ya haɗa hannu - ya ba da shawarar kai hare-hare iri-iri akan tsarin da ke damfara saƙon sa'an nan kuma ɓoye su. Mafi shahara a cikin waɗannan shi ne harin da ya yi amfani da gaskiyar cewa sau da yawa yana yiwuwa a yi la'akari da tsayin asali na asali daga tsawon rubutun. A ka'idar, wannan yana ba da damar kai hari na baka wanda ke dawo da sassan ainihin rubutun.
A ƙasa muna ba da ƙarin cikakkun bayanai game da hare-haren Vaudenay da Kelsey (za mu ba da cikakken bayani game da harin Bleichenbacher lokacin da muka ci gaba da kai hari kan maɓalli na jama'a). Duk da ƙoƙarinmu, rubutun ya zama ɗan fasaha; don haka idan abin da ke sama ya ishe ku, ku tsallake sassan biyu na gaba.
Harin Vodene
Don fahimtar harin Vaudenay, da farko muna buƙatar ƙarin magana game da toshe ciphers da hanyoyin ɓoyewa. “Tsarin toshe” shine, kamar yadda aka ambata, maɓalli wanda ke ɗaukar maɓalli da shigar da wani tsayayyen tsayi (“tsawon toshe”) kuma yana samar da ɓoyayyen toshe mai tsayi iri ɗaya. Ana amfani da sifofin toshe ko'ina kuma ana ɗaukar ingantattun amintattu. DES mai ritaya a yanzu, wanda aka yi la'akari da sifa na zamani na farko, ya kasance sifa mai toshewa. Kamar yadda aka ambata a sama, haka yake ga AES, wanda ake amfani dashi a yau.
Abin takaici, toshe sifa suna da rauni guda ɗaya. Girman toshe na yau da kullun shine 128 ragowa, ko haruffa 16. Babu shakka, cryptography na zamani yana buƙatar aiki tare da manyan bayanan shigarwa, kuma wannan shine inda hanyoyin ɓoyayye ke shiga cikin wasa. Yanayin ɓoye ainihin hack: hanya ce ta ko ta yaya za a yi amfani da shingen shinge wanda kawai ke karɓar shigarwar takamaiman girman don shigar da tsayin sabani.
Harin Vodene ya mayar da hankali ne kan shahararren CBC (Cipher Block Chaining) yanayin aiki. Harin yana ɗaukar tushen toshe sifa a matsayin sihiri, akwatin baƙar fata da ba za a iya jurewa ba kuma ya ketare amincinsa gaba ɗaya.
Anan ga zane wanda ke nuna yadda yanayin CBC ke aiki:
Da'irar da aka yi da'ira tana nuna aikin XOR (keɓaɓɓen OR). Misali, an karɓi toshe na biyu na ciphertext:
- Ta hanyar yin aikin XOR akan toshe rubutu na biyu tare da toshe rubutun farko.
- Encrypting sakamakon toshe tare da toshe sifa ta amfani da maɓalli.
Tunda CBC yayi irin wannan amfani mai nauyi na aikin XOR na binary, bari mu ɗauki ɗan lokaci don tunawa da wasu kaddarorinsa:
- Rashin ƙarfi:
- Sadarwa:
- Haɗin kai:
- Juyawa kai:
- Girman Byte: byte n na = (byte n na ) (byte n na )
Yawanci, waɗannan kaddarorin suna nuna cewa idan muna da ma'auni wanda ya ƙunshi ayyukan XOR da wanda ba a san shi ba, ana iya warware shi. Misali, idan mun san haka tare da wanda ba a sani ba kuma sananne и , to za mu iya dogara ga abubuwan da aka ambata a sama don warware lissafin don . Ta hanyar amfani da XOR a ɓangarorin biyu na lissafin tare da , mun samu . Wannan duk zai zama mai dacewa sosai a cikin ɗan lokaci.
Akwai ƙananan bambance-bambance guda biyu da babban bambanci ɗaya tsakanin yanayin Alice da harin Vaudenay. Yara biyu:
- A cikin rubutun, Alice ta sa ran za a kawo ƙarshen rubutu tare da haruffa
a,bb,cccda sauransu. A cikin harin na Wodene, wanda aka azabtar a maimakon haka yana tsammanin rubutun za su ƙare N sau tare da N byte (wato, hexadecimal 01 ko 02 02, ko 03 03 03, da sauransu). Wannan kawai bambancin kayan kwalliya ne. - A cikin yanayin Alice, yana da sauƙi a faɗi ko Alice ta karɓi saƙon ta hanyar amsawa "Rubutun dummy mara daidai." A cikin harin Vodene, ana buƙatar ƙarin bincike kuma ainihin aiwatarwa a gefen wanda aka azabtar yana da mahimmanci; amma don taƙaitawa, bari mu ɗauka a matsayin cewa wannan bincike yana yiwuwa har yanzu.
Babban bambanci:
- Tun da ba muna amfani da tsarin crypto iri ɗaya ba, dangantakar da ke tsakanin bytes ciphertext da ke sarrafa maharin da sirrin (maɓalli da bayyane) a fili za su bambanta. Don haka, maharin zai yi amfani da wata dabara ta daban lokacin ƙirƙirar rubutun rubutu da fassarar martanin uwar garken.
Wannan babban bambanci shine yanki na ƙarshe na wasan wasa don fahimtar harin Vaudenay, don haka bari mu yi tunanin ɗan lokaci game da dalilin da ya sa kuma yadda harin baƙar fata kan CBC zai yiwu.
A ce an ba mu rubutun CBC na tubalan 247, kuma muna so mu lalata shi. Za mu iya aika saƙonnin karya zuwa uwar garken, kamar yadda za mu iya aika saƙon karya ga Alice a da. Sabar za ta ɓata mana saƙon, amma ba za ta nuna ɓoyayyen ɓoyayyen ba - maimakon haka, kuma, kamar yadda yake ga Alice, uwar garken za ta ba da rahoton ɗan bayani kaɗan kawai: ko rubutun yana da fasinja mai inganci ko a'a.
Yi la'akari da cewa a yanayin Alice muna da alaƙa kamar haka:
$$ nuni$$ rubutu{SIMPLE_SUBSTITUTION}(rubutu{ciphertext},rubutu{key}) = rubutu{plaintext}$$ nuni$$
Bari mu kira wannan "Equation Alice." Mun sarrafa rubutun; uwar garken (Alice) ta fitar da bayanan da ba su da tabbas game da bayanin da aka samu; kuma wannan ya ba mu damar samun bayanai game da abu na ƙarshe - maɓalli. Ta misali, idan za mu iya samun irin wannan haɗin don rubutun CBC, za mu iya fitar da wasu bayanan sirri a can ma.
Sa'ar al'amarin shine, da gaske akwai dangantaka a can da za mu iya amfani da su. Yi la'akari da fitowar kira na ƙarshe don warware sikirin toshe kuma nuna wannan fitarwa azaman . Muna kuma nuna tubalan rubutu da tubalan sifar rubutu . Dauki wani kalli zanen CBC kuma ku lura da abin da ya faru:
Bari mu kira wannan "Equation CBC."
A cikin yanayin Alice, ta hanyar sa ido kan rubutun da kallon yadda yake fitowa fili, mun sami damar kai hari wanda ya dawo da kalma na uku a cikin ma'auni-maɓalli. A cikin yanayin CBC, muna kuma saka idanu kan rubutun kuma muna lura da ɗigon bayanai akan madaidaicin rubutun. Idan misalin ya riƙe, za mu iya samun bayani game da .
Bari mu ɗauka da gaske mun maido , me kuma? To, sa'an nan za mu iya buga gaba dayan juzu'in na ƙarshe a lokaci ɗaya (), kawai ta hanyar shiga (wanda muke da shi) kuma
samu cikin ma'aunin CBC.
Yanzu da muke da kyakkyawan fata game da tsarin gaba ɗaya na harin, lokaci ya yi da za mu fitar da cikakkun bayanai. Da fatan za a kula da daidai yadda ake fitar da bayanan da aka bayyana a fili akan sabar. A cikin rubutun Alice, ledar ta faru ne saboda Alice kawai za ta amsa da madaidaicin saƙo idan $inline$rubutu{SIMPLE_SUBSTITUTION}(rubutu{ciphertext},rubu{key})$inline$ ya ƙare da layin. a (ko bb, da sauransu, amma damar da waɗannan sharuɗɗan ke haifarwa ta hanyar kwatsam kadan ne). Kama da CBC, uwar garken yana karɓar facin idan kuma idan kawai ya ƙare da hexadecimal 01. Don haka bari mu gwada dabara iri ɗaya: aika saƙon rubutu na karya tare da ƙimar mu na karya har sai uwar garken ya yarda da cikawa.
Lokacin da uwar garken ya karɓi padding don ɗaya daga cikin saƙonmu na karya, yana nufin cewa:
Yanzu muna amfani da kadarar XOR byte-byte:
Mun san sharuddan farko da na uku. Kuma mun riga mun ga cewa wannan yana ba mu damar dawo da sauran wa'adin - byte na ƙarshe daga :
Wannan kuma yana ba mu byte na ƙarshe na toshe rubutu na ƙarshe ta hanyar ma'auni na CBC da kadarorin byte-by-byte.
Za mu iya barin shi a haka kuma mu gamsu cewa mun kai hari a kan ka'ida mai ƙarfi. Amma a zahiri muna iya yin abubuwa da yawa: a zahiri za mu iya dawo da duk rubutun. Wannan yana buƙatar dabarar da ba ta cikin ainihin rubutun Alice kuma ba a buƙata don harin baka, amma har yanzu yana da daraja koyo.
Don gane shi, da farko a lura cewa sakamakon fitar da madaidaicin ƙimar byte na ƙarshe shine muna da sabon iyawa. Yanzu, lokacin ƙirƙira rubutun bayanai, za mu iya sarrafa baiti na ƙarshe na rubutun da ya dace. Hakanan, wannan yana da alaƙa da ma'auni na CBC da kadarorin byte-by-byte:
Tun da yanzu mun san kalma na biyu, za mu iya amfani da ikonmu akan na farko don sarrafa na uku. Muna lissafta kawai:
Ba za mu iya yin wannan a da ba saboda ba mu sami byte na ƙarshe ba tukuna .
Ta yaya hakan zai taimake mu? A ce yanzu mun ƙirƙiri duk rubututtuka kamar yadda a cikin madaidaitan rubutun baiti na ƙarshe ya yi daidai da 02. Sabar yanzu tana karɓar faɗuwa kawai idan rubutun bayyananne ya ƙare da 02 02. Tunda mun gyara byte na ƙarshe, wannan zai faru ne kawai idan penultimate byte na plaintext shima 02. Muna ci gaba da aikawa da bulogi na bogi, muna canza byte na penultimate, har sai uwar garken ya karɓi padding ga ɗayansu. A wannan lokacin muna samun:
Kuma mun mayar da penultimate byte kamar yadda aka mayar da na karshe. Muna ci gaba a cikin ruhu ɗaya: muna gyara bytes biyu na ƙarshe na bayanin rubutu zuwa 03 03, Muna maimaita wannan harin don byte na uku daga ƙarshe da sauransu, a ƙarshe muna maidowa gaba ɗaya .
Me game da sauran rubutun? Lura cewa ƙimar shine ainihin $inline$rubutu{BLOCK_DECRYPT}(rubutu{maɓalli},C_{247})$inline$. Za mu iya sanya wani block maimakon , kuma har yanzu harin zai yi nasara. Haƙiƙa, muna iya tambayar uwar garken don yin $inline$rubutu{BLOCK_DECRYPT}$inline$ ga kowane bayanai. A wannan gaba, wasan ya ƙare - za mu iya lalata kowane rubutun rubutu (kalli wani hoton zane na CBC don ganin wannan; kuma lura cewa IV na jama'a ne).
Wannan hanya ta musamman tana taka muhimmiyar rawa a harin baka da za mu fuskanta daga baya.
Harin Kelsey
Dan uwanmu John Kelsey ya fitar da ka'idodin da ke tattare da yuwuwar hare-hare, ba kawai cikakkun bayanai na takamaiman hari akan takamaiman sifa ba. Nasa nazari ne na yiwuwar kai hari kan rufaffen bayanan da aka matsa. Shin kuna tsammanin cewa bayanan da aka matse bayanan kafin ɓoyewa bai isa ya kai hari ba? Sai ya zama ya isa.
Wannan sakamako mai ban mamaki ya faru ne saboda ka'idoji guda biyu. Na farko, akwai alaƙa mai ƙarfi tsakanin tsayin rubutu da tsayin rubutun; ga yawancin sifofi daidai daidaito. Na biyu, lokacin da ake matsawa, akwai kuma dangantaka mai ƙarfi tsakanin tsayin saƙon da aka matsa da kuma matakin "haɗuwa" na rubutu, wato, adadin haruffa marasa maimaitawa (ma'anar fasaha ita ce "high entropy"). ).
Don ganin ƙa'idar a aikace, yi la'akari da rubutu guda biyu:
Magana ta 1:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMagana ta 2:
ATVXCAGTRSVPTVVULSJQHGEYCMQPCRQBGCYIXCFJGJ
Bari mu ɗauka cewa an matse su sannan kuma an rufaffen su. Kuna samun sakamako guda biyu da aka samo asali kuma dole ne ku yi tsammani wane rubutun ya yi daidai da wanne rubutu:
Rubutu na 1:
PVOVEYBPJDPVANEAWVGCIUWAABCIYIKOOURMYDTARubutu na 2:
DWKJZXYU
Amsar a bayyane take. Daga cikin filayen, rubutu na 1 kawai za a iya matsawa cikin ɗan kankanin tsayin rubutu na biyu. Mun gano wannan ba tare da sanin komai ba game da matsawa algorithm, maɓallin ɓoyewa, ko ma sifar kanta. Idan aka kwatanta da matsayi na yiwuwar harin sirri, wannan nau'in hauka ne.
Kelsey ya kara nuna cewa a karkashin wasu yanayi da ba a saba gani ba ana iya amfani da wannan ka'ida don kai harin bakaken fata. Musamman ma, ya bayyana yadda mai hari zai iya dawo da bayanin sirrin idan ya iya tilasta uwar garken don ɓoye bayanan sigar (rubutun da ke biye da shi. alhalin shi ke da iko kuma zai iya ko ta yaya duba tsawon sakamakon rufaffen.
Hakanan, kamar sauran hare-haren baka, muna da alaƙa:
Har ila yau, muna sarrafa lokaci ɗaya (), mun ga ɗan ƙaramin bayani game da wani memba (rubutun rubutu) kuma muna ƙoƙarin dawo da na ƙarshe (launi). Duk da kwatankwacin, wannan wani sabon yanayi ne da ba a saba gani ba idan aka kwatanta da sauran hare-haren baka da muka gani.
Don misalta yadda irin wannan harin zai iya aiki, bari mu yi amfani da tsarin matsi na ƙage da muka fito da shi: TOYZIP. Yana neman layukan rubutu waɗanda suka bayyana a baya a cikin rubutun kuma ya maye gurbinsu da bytes masu sanya wuri guda uku waɗanda ke nuna inda za a sami misalin layin farko da sau nawa ya bayyana a wurin. Misali, layi helloworldhello ana iya matsawa cikin helloworld[00][00][05] Tsawon bytes 13 idan aka kwatanta da ainihin 15 bytes.
A ce wani maharin ya yi ƙoƙarin dawo da bayanin siffan password=..., inda ba a san kalmar sirrin kanta ba. Dangane da samfurin harin Kelsey, maharin zai iya tambayar uwar garken don matsawa sannan ya rufaffen saƙon tsari (launi na biye da shi. ), a ina - rubutu kyauta. Lokacin da uwar garken ya gama aiki, yana ba da rahoton tsawon sakamakon. Harin yana tafiya kamar haka:
Dan fashi: Da fatan za a damƙa kuma a ɓoye bayanan da ke bayyana ba tare da wani faifai ba.
Sabar: Tsawon sakamako 14.
Dan fashi: Da fatan za a matsa kuma a rufaffen rufaffen rubutu na fili wanda aka rataye shi
password=a.Sabar: Tsawon sakamako 18.
Fassarar bayanin kula: [asali 14] + [bytes uku waɗanda suka maye gurbin password=] + a
Dan fashi: Da fatan za a damƙa kuma a ɓoye bayanan da aka ƙara zuwa gare shi
password=b.Sabar: Tsawon sakamako 18.
Dan fashi: Da fatan za a damƙa kuma a ɓoye bayanan da aka ƙara zuwa gare shi
password=с.Sabar: Tsawon sakamako 17.
Fassarar bayanin kula: [asali 14] + [bytes uku waɗanda suka maye gurbin password=c]. Wannan yana ɗauka cewa ainihin rubutun ya ƙunshi kirtani password=c. Wato kalmar sirri tana farawa da wasiƙa c
Dan fashi: Da fatan za a damƙa kuma a ɓoye bayanan da aka ƙara zuwa gare shi
password=сa.Sabar: Tsawon sakamako 18.
Fassarar bayanin kula: [asali 14] + [bytes uku waɗanda suka maye gurbin password=с] + a
Dan fashi: Da fatan za a damƙa kuma a ɓoye bayanan da aka ƙara zuwa gare shi
password=сb.Sabar: Tsawon sakamako 18.
(… Bayan wani lokaci…)
Dan fashi: Da fatan za a damƙa kuma a ɓoye bayanan da aka ƙara zuwa gare shi
password=со.Sabar: Tsawon sakamako 17.
Fassarar bayanin kula: [asali 14] + [bytes uku waɗanda suka maye gurbin password=co]. Yin amfani da dabaru iri ɗaya, maharin ya ƙarasa da cewa kalmar sirri tana farawa da haruffa co
Haka kuma har sai an dawo da kalmar sirri baki daya.
Za a gafarta wa mai karatu don tunanin cewa wannan motsa jiki ne kawai na ilimi kuma irin wannan yanayin harin ba zai taɓa tasowa ba a duniyar gaske. Alas, kamar yadda za mu gani nan ba da jimawa ba, yana da kyau kada ku daina cryptography.
Alamar alama: LAIFI, POODLE, DOWN
A ƙarshe, bayan nazarin ka'idar dalla-dalla, za mu iya ganin yadda ake amfani da waɗannan fasahohin a cikin hare-haren sirri na ainihi.
KYAUTA
Idan harin ya shafi masarrafar masarrafar burauza da hanyar sadarwa, wasu abubuwa za su yi sauki wasu kuma za su yi wahala. Alal misali, yana da sauƙi don ganin zirga-zirgar wanda aka azabtar: kawai zauna tare da shi a cikin cafe guda tare da WiFi. Don haka, masu yuwuwar wadanda abin ya shafa (watau kowa da kowa) gabaɗaya ana ba su shawarar yin amfani da rufaffen haɗin gwiwa. Zai fi wahala, amma har yanzu yana yiwuwa, don yin buƙatun HTTP a madadin wanda aka azabtar zuwa wani rukunin ɓangare na uku (misali, Google). Dole ne maharin ya yaudari wanda aka azabtar zuwa shafin yanar gizon mugu tare da rubutun da ke yin buƙatar. Mai binciken gidan yanar gizon zai samar da kuki mai dacewa ta atomatik.
Wannan yana da ban mamaki. Idan Bob ya tafi evil.com, shin rubutun da ke wannan rukunin yanar gizon zai iya tambayar Google kawai ya aiko da kalmar wucewa ta Bob [email protected]? To, a ka'idar eh, amma a zahiri a'a. Wannan yanayin ana kiransa harin jabu na buƙatun yanar gizo (, CSRF), kuma ya shahara a tsakiyar shekarun 90s. Yau idan evil.com yana gwada wannan dabarar, Google (ko kowane gidan yanar gizo mai mutunta kai) yawanci zai amsa da, "Mai girma, amma alamar CSRF ɗin ku na wannan ma'amala zai kasance ... um... три триллиона и семь. Da fatan za a maimaita wannan lambar." Masu bincike na zamani suna da wani abu da ake kira "manufofin asali guda" wanda rubutun da ke kan shafin A ba su da damar yin amfani da bayanan da gidan yanar gizon B ya aika. Don haka rubutun a kan. evil.com iya aika buƙatun zuwa google.com, amma ba zai iya karanta martani ko a zahiri kammala ma'amala.
Dole ne mu jaddada cewa sai dai idan Bob yana amfani da rufaffen haɗi, duk waɗannan kariyar ba su da ma'ana. Mai hari zai iya karanta zirga-zirgar Bob a sauƙaƙe kuma ya dawo da kuki ɗin zaman Google. Da wannan kuki, kawai zai buɗe sabon shafin Google ba tare da barin nasa burauzar ba kuma ya kwaikwayi Bob ba tare da cin karo da manufofin asali iri ɗaya ba. Amma, abin takaici ga mai sata, wannan yana zama ƙasa da ƙasa. Intanet gaba dayanta ta dade tana shelanta yaki a kan hanyoyin da ba a boye su ba, kuma ana iya rufaffen zirga-zirgar zirga-zirgar Bob, ko yana so ko bai so. Bugu da kari, tun farkon fara aiwatar da ka'idar, zirga-zirga ta kasance tsumma kafin boye-boye; wannan al'ada ce ta gama gari don rage jinkiri.
Wannan shi ne inda ya shigo cikin wasa (Matsakaicin Ratio Infoleak Yayi Sauƙi, sauƙi mai sauƙi ta hanyar matsi). Masu binciken tsaro Juliano Rizzo da Thai Duong sun bayyana raunin a cikin Satumba 2012. Mun riga mun bincika dukan tushen ka'idar, wanda ya ba mu damar fahimtar abin da suka yi da kuma yadda. Wani maharin zai iya tilasta mai binciken Bob ya aika buƙatun zuwa Google sannan ya saurari martanin da ke kan hanyar sadarwar gida a cikin rufaffen tsari. Don haka muna da:
Anan maharin yana sarrafa buƙatun kuma yana da damar yin amfani da sniffer zirga-zirga, gami da girman fakiti. Labarin almara na Kelsey ya zo rayuwa.
Fahimtar ka'idar, mawallafin CRIME sun ƙirƙiri amfani da za su iya satar kukis na zaman don yawancin shafuka, gami da Gmail, Twitter, Dropbox da Github. Lalacewar ta shafi mafi yawan masu binciken gidan yanar gizo na zamani, wanda ya haifar da fitar da facin da suka binne siginar matsawa cikin SSL ta yadda ba za a yi amfani da shi kwata-kwata ba. Iyakar abin da aka kare daga raunin shine Internet Explorer mai daraja, wanda bai taɓa amfani da matsawar SSL ba kwata-kwata.
POODLE
A cikin Oktoba 2014, ƙungiyar tsaro ta Google ta yi taguwar ruwa a cikin al'ummar tsaro. Sun sami damar yin amfani da rauni a cikin ƙa'idar SSL da aka fange fiye da shekaru goma da suka wuce.
Ya bayyana cewa yayin da sabobin ke gudana sabon TLSv1.2 mai haske, da yawa sun bar goyon baya ga gadon SSLv3 don dacewa da baya tare da Internet Explorer 6. Mun riga mun yi magana game da hare-haren raguwa, don haka za ku iya tunanin abin da ke faruwa. Sabis ɗin da aka tsara da kyau na ƙa'idar musafaha kuma sabobin suna shirye su koma tsohuwar SSLv3, da gaske suna warware shekaru 15 na ƙarshe na binciken tsaro.
Don dalilai na tarihi, :
Tsaro Layer Tsaro (TLS) shine mafi mahimmancin ka'idar tsaro akan Intanet. [..] kusan kowace ma'amala da kuke yi akan Intanet ya dogara da TLS. [..] Amma TLS ba koyaushe bane TLS. Yarjejeniyar ta fara rayuwa a ciki ake kira "Secure Sockets Layer" ko SSL. Jita-jita yana da cewa sigar farko ta SSL ta kasance mai muni sosai har masu haɓakawa suka tattara duk bugu na lambar kuma suka binne su a cikin wani ɓoye na ɓoye a New Mexico. Sakamakon haka, sigar SSL ta farko da ake samu a bainar jama'a ita ce haƙiƙa . Yana da kyawawan ban tsoro, kuma [..] samfuri ne na tsakiyar 90s, wanda masu fasahar zamani ke la'akari da "" Yawancin hare-hare mafi muni da muka sani a yau ba a gano su ba. Sakamakon haka, an bar masu haɓaka ƙa'idar SSLv2 da gaske don su ɓata hanyarsu cikin duhu, kuma sun fuskanci. - don bacin rai da fa'idarmu, tunda hare-haren SSLv2 sun bar darussa masu mahimmanci ga tsararru na gaba na gaba.
Bayan waɗannan abubuwan da suka faru, a cikin 1996, Netscape mai takaici ya sake fasalin tsarin SSL daga karce. Sakamakon shine SSL version 3, wanda .
Abin farin ciki ga masu fashi, "kadan" ba ya nufin "duk." Gabaɗaya, SSLv3 ya ba da duk mahimman tubalan ginin don ƙaddamar da harin Vodene. Yarjejeniyar ta yi amfani da tsarin toshe yanayin CBC da wani tsari mara tsaro (an gyara wannan a cikin TLS; don haka buƙatar rage girman hari). Idan kun tuna da makircin padding a cikin ainihin bayaninmu na harin Vaudenay, tsarin SSLv3 yayi kama da haka.
Amma, abin takaici ga masu fashi, "kamar" ba ya nufin "kama". Tsarin mashigin SSLv3 shine "N bazuwar bytes da lambar N ke bi". Gwada, a ƙarƙashin waɗannan sharuɗɗan, don zaɓar ɓangarorin ƙirƙira na rubutun rubutu kuma ku bi duk matakan tsarin ainihin Vaudene: za ku ga cewa harin ya yi nasarar fitar da byte na ƙarshe daga madaidaicin toshe na rubutu, amma bai ci gaba ba. Yanke kowane byte na 16 na ciphertext babban dabara ne, amma ba nasara ba ce.
Fuskantar gazawar, ƙungiyar Google ta koma hanyar ƙarshe: sun canza zuwa samfurin barazana mai ƙarfi - wanda aka yi amfani da shi a CRIME. Tsammanin cewa maharin rubutun ne da ke gudana a cikin shafin mai binciken wanda aka azabtar kuma zai iya fitar da kukis na zaman, har yanzu harin yana da ban sha'awa. Yayin da mafi girman samfurin barazanar ba shi da haƙiƙa, mun gani a cikin sashe na baya cewa wannan ƙirar ta musamman yana yiwuwa.
Ganin waɗannan ƙarin ƙarfin maharan masu ƙarfi, harin na iya ci gaba yanzu. Lura cewa maharin ya san inda kuki ɗin zaman ɓoyayyen ya bayyana a cikin taken kuma yana sarrafa tsawon buƙatun HTTP da ke gabansa. Don haka, yana iya sarrafa buƙatun HTTP ta yadda baiti na ƙarshe na kuki ya daidaita tare da ƙarshen toshe. Yanzu wannan byte ya dace da ƙaddamarwa. Kuna iya ƙara harafi ɗaya kawai ga buƙatar, kuma penultimate byte na kuki zai kasance a wuri ɗaya kuma ya dace da zaɓi ta amfani da hanya iri ɗaya. Ana ci gaba da kai harin ta wannan hanya har sai an dawo da fayil ɗin kuki gaba ɗaya. Ana kiran shi POODLE: Padding Oracle akan Rubutun Legacy da aka Rage.
SHAWA
Kamar yadda muka ambata, SSLv3 yana da lahani, amma ya bambanta da wanda ya gabace shi, tunda leaky SSLv2 samfuri ne na wani zamani daban. A can za ku iya katse saƙon a tsakiya: соглашусь на это только через мой труп juya zuwa соглашусь на это; abokin ciniki da uwar garken na iya saduwa ta kan layi, kafa aminci da musayar sirri a gaban maharin, wanda zai iya yin kwaikwayi duka biyu cikin sauki. Hakanan akwai matsala tare da cryptography na fitarwa, wanda muka ambata lokacin da ake la'akari da FREAK. Waɗannan su ne Saduma da Gwamrata.
A cikin Maris 2016, ƙungiyar masu bincike daga fannonin fasaha daban-daban sun taru tare da yin bincike mai ban mamaki: SSLv2 har yanzu ana amfani da shi a cikin tsarin tsaro. Ee, maharan ba za su iya sake rage zaman TLS na zamani zuwa SSLv2 ba tun lokacin da aka rufe ramin bayan FREAK da POODLE, amma har yanzu suna iya haɗawa zuwa sabobin kuma su fara zaman SSLv2 da kansu.
Kuna iya tambaya, me yasa muke damu da abin da suke yi a can? Suna da zama mai rauni, amma bai kamata ya shafi sauran zaman ba ko tsaro na uwar garken - daidai? To, ba sosai ba. Ee, haka ya kamata ya kasance a ka'idar. Amma a'a - saboda samar da takaddun shaida na SSL yana ɗaukar wani nauyi, yana haifar da yawancin sabobin suna amfani da takaddun shaida iri ɗaya kuma, sakamakon haka, maɓallan RSA iri ɗaya don haɗin TLS da SSLv2. Don yin muni, saboda bug ɗin OpenSSL, zaɓin "A kashe SSLv2" a cikin wannan mashahurin aiwatarwar SSL bai yi aiki da gaske ba.
Wannan ya sanya yiwuwar kai hari kan TLS, wanda ake kira (Kaddamar da RSA tare da ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar bayanan RSA tare da ɓoyayyen ɓoyayyen ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyen ɓoyayyen ɓoyayyiyar ɓoyayyen ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar kalmar sirri (RSA) Ku tuna cewa wannan ba daidai yake da ɗan gajeren hari ba; maharin baya buƙatar yin aiki a matsayin "mutum a tsakiya" kuma baya buƙatar shigar da abokin ciniki don shiga cikin zaman mara tsaro. Maharan kawai suna fara zaman SSLv2 mara tsaro tare da uwar garken da kansu, suna kai hari kan ƙa'idar mara ƙarfi, da dawo da maɓalli na sirri na uwar garken RSA. Wannan maɓalli kuma yana da inganci don haɗin TLS, kuma daga wannan lokacin, babu adadin tsaro na TLS da zai hana a lalata shi.
Amma don fasa shi, kuna buƙatar harin aiki akan SSLv2, wanda ke ba ku damar dawo da ba kawai takamaiman zirga-zirga ba, har ma da maɓallin uwar garken RSA na sirri. Kodayake wannan saiti ne mai rikitarwa, masu binciken zasu iya zaɓar duk wani rauni wanda aka rufe gaba ɗaya bayan SSLv2. A ƙarshe sun sami zaɓi mai dacewa: harin Bleichenbacher, wanda muka ambata a baya kuma wanda zamu yi bayani dalla-dalla a cikin labarin na gaba. SSL da TLS suna da kariya daga wannan harin, amma wasu bazuwar fasalulluka na SSL, haɗe da gajerun maɓallai a cikin cryptography-grade, sun sa ya yiwu. .
A lokacin da aka buga, kashi 25% na manyan rukunin yanar gizon DROWN ya shafa, kuma ana iya kai harin tare da kayan aiki masu sauƙi ga hatta masu kutse su kaɗai. Maido da maɓallin RSA na uwar garken yana buƙatar awoyi takwas na ƙididdigewa da $440, kuma SSLv2 ya tafi daga wanda ba a gama aiki ba zuwa rediyoaktif.
Dakata, me game da Heartbleed?
Wannan ba harin sirri bane a ma'anar da aka bayyana a sama; Wannan buffer ne ambaliya.
Mu huta
Mun fara da wasu dabaru na yau da kullun: ƙwaƙƙwaran ƙarfi, haɗin gwiwa, rage daraja, ƙa'idar giciye, da precomputation. Sannan mun kalli wata fasaha ta ci gaba, watakila babban abin da ke tattare da hare-haren sirri na zamani: harin baka. Mun dauki ɗan lokaci kaɗan don gano shi - kuma mun fahimci ba kawai ƙa'ida ta asali ba, har ma da cikakkun bayanai na fasaha na takamaiman aiwatarwa guda biyu: harin Vaudenay akan yanayin ɓoyayyen CBC da harin Kelsey akan ka'idojin ɓoyayyun pre-pression.
A cikin yin bitar hare-haren rage ƙima da ƙididdigewa, mun zayyana a taƙaice harin FREAK, wanda ke amfani da hanyoyin biyu ta hanyar rage rukunin yanar gizon zuwa maɓallai masu rauni sannan kuma a sake amfani da maɓallan iri ɗaya. Don labarin na gaba, za mu adana (mai kama da kama da haka) harin Logjam, wanda ke hari ga algorithms na jama'a.
Sai muka duba wasu misalai guda uku na amfani da waɗannan ka'idodin. Na farko, CRIME da POODLE: hare-hare guda biyu da suka dogara ga ikon maharin na shigar da rubutu na sabani kusa da bayanin da aka yi niyya, sannan a bincika martanin uwar garken to,,ta yin amfani da dabarun kai hari oracle, yi amfani da wannan ɗan ƙaramin bayani don, wani ɓangare na dawo da bayanin. CRIME ya tafi hanyar harin Kelsey akan matsawar SSL, yayin da POODLE a maimakon haka yayi amfani da bambance-bambancen harin Vaudenay akan CBC tare da irin wannan tasiri.
Daga nan sai muka mai da hankalinmu ga harin DROWN na giciye, wanda ke kafa haɗin kai ga uwar garken ta amfani da ka'idar SSLv2 ta gado sannan ta dawo da maɓallan sirrin uwar garken ta amfani da harin Bleichenbacher. Mun tsallake bayanan fasaha na wannan harin a yanzu; kamar Logjam, dole ne a jira har sai mun sami kyakkyawar fahimtar tsarin maɓalli na jama'a da kuma raunin su.
A cikin labarin na gaba za mu yi magana game da hare-haren da aka ci gaba kamar haɗuwa-a-tsakiyar, bambancin cryptanalysis da harin ranar haihuwa. Bari mu dauki hanzari cikin hare-haren tashoshi na gefe, sannan mu je ga naman al'amarin: tsarin tsarin jama'a na cryptosystems.
source: www.habr.com