Post-mortem: what is known about the new attack on the SKS Keyserver public-key server network

The attackers exploited a property of the OpenPGP protocol that has been known for more than ten years.

We explain what the problem is and why it cannot simply be closed.


Network problems

In mid-June, unknown attackers hit the SKS Keyserver network of public-key servers, which is built on the OpenPGP protocol. OpenPGP is an IETF standard (RFC 4880) used to encrypt email and other messages. The SKS network was created well over a decade ago to distribute public certificates, and tools such as GnuPG rely on it when encrypting data and creating digital signatures.

The attackers poisoned the certificates of two GnuPG project maintainers, Robert Hansen and Daniel Kahn Gillmor. Fetching a poisoned certificate from the server breaks GnuPG: the program simply hangs. There is reason to believe the attackers will not stop there, and the number of poisoned certificates will only grow. For now, the full extent of the problem is unknown.

Origin of the attack

The attackers exploited a weakness in the OpenPGP protocol that the community has known about for many years; a proof of concept could even be found on GitHub. Yet nobody has taken responsibility for closing the "hole" (the reasons are discussed in detail below).


Under the OpenPGP specification, anyone can attach a digital signature to a certificate to vouch for its owner, and the maximum number of signatures is not limited in any way. That is where the problem arises: the SKS network accepts up to 150,000 signatures on a single certificate, while GnuPG cannot handle anywhere near that many. So when such a certificate is imported, GnuPG (and other OpenPGP implementations) hang.

One user ran an experiment: importing the certificate took about ten minutes. The certificate carried more than 54 thousand signatures and weighed 17 MB:

$ gpg --homedir=$PWD --recv C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
gpg: key F20691179038E5C6: 4 duplicate signatures removed
gpg: key F20691179038E5C6: 54614 signatures not checked due to missing keys
gpg: key F20691179038E5C6: 4 signatures reordered
gpg: key F20691179038E5C6: public key "Daniel Kahn Gillmor <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
$ ls -lh pubring.gpg
-rw-r--r--  1 filippo  staff    17M  2 Jul 16:30 pubring.gpg
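The import above hangs because gpg validates every signature packet it is handed. A cheap defence is to count the packets before importing: the following is an added example (not code from the article, from GnuPG, or from SKS) that walks the binary OpenPGP packet headers defined in RFC 4880 section 4.2 (old and new format, including partial body lengths) and refuses certificates that carry more signature packets than a chosen threshold. The sample certificates are constructed inline with dummy packet bodies, since only the headers matter for counting; the 1000-signature threshold is an assumption, not a value from the page.

```python
"""Count OpenPGP packets in a binary (non-armored) certificate and flag
certificates flooded with third-party signatures (RFC 4880 section 4.2/4.3)."""
from collections import Counter

# Packet tags from RFC 4880 section 4.3 that this example cares about.
SIGNATURE = 2
PUBLIC_KEY = 6
USER_ID = 13
TAG_NAMES = {SIGNATURE: "signature", PUBLIC_KEY: "public-key", USER_ID: "user-id"}


def _new_format_length(data, pos):
    """Parse a new-format length octet(s) at data[pos].
    Returns (length, position after the length, is_partial)."""
    first = data[pos]
    if first < 192:                                   # one-octet length
        return first, pos + 1, False
    if first < 224:                                   # two-octet length
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:                                  # five-octet length
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True         # partial body length


def iter_packets(data):
    """Yield (tag, body) for every packet in the blob, without decoding bodies."""
    pos, end = 0, len(data)
    while pos < end:
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"not an OpenPGP packet header at offset {pos}")
        if ctb & 0x40:                                # new-format header
            tag = ctb & 0x3F
            length, pos, partial = _new_format_length(data, pos + 1)
            body = bytearray()
            while True:                               # reassemble partial chunks
                if pos + length > end:
                    raise ValueError("truncated packet body")
                body += data[pos:pos + length]
                pos += length
                if not partial:
                    break
                length, pos, partial = _new_format_length(data, pos)
        else:                                         # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            pos += 1
            if ltype == 3:                            # indeterminate: rest of input
                length = end - pos
            else:
                size = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + size], "big")
                pos += size
            if pos + length > end:
                raise ValueError("truncated packet body")
            body = data[pos:pos + length]
            pos += length
        yield tag, bytes(body)


def packet_counts(data):
    """Number of packets per tag, e.g. {6: 1, 13: 1, 2: 54618}."""
    return Counter(tag for tag, _ in iter_packets(data))


def is_flooded(data, max_signatures=1000):
    """True if the certificate has more signature packets than we are willing
    to hand to gpg. The default is an assumed, deliberately conservative limit:
    ordinary keys carry a few certifications, not tens of thousands."""
    return packet_counts(data)[SIGNATURE] > max_signatures


# --- constructed sample data (dummy bodies; only the headers are realistic) ---
def new_packet(tag, body):
    n = len(body)
    if n < 192:
        hdr = bytes([0xC0 | tag, n])
    elif n < 8384:
        m = n - 192
        hdr = bytes([0xC0 | tag, 192 + (m >> 8), m & 0xFF])
    else:
        hdr = bytes([0xC0 | tag, 255]) + n.to_bytes(4, "big")
    return hdr + body


def old_packet(tag, body):
    """Old-format header with a two-octet length (length type 1)."""
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body


SELF_SIG = new_packet(SIGNATURE, b"\x04\x13" + bytes(300))        # two-octet length
THIRD_PARTY_SIG = new_packet(SIGNATURE, b"\x04\x10" + bytes(90))   # one-octet length
# One signature split into a 512-byte partial chunk followed by a 10-byte final chunk.
PARTIAL_SIG = bytes([0xC0 | SIGNATURE, 0xE9]) + bytes(512) + bytes([10]) + bytes(10)
KEY_PREFIX = (old_packet(PUBLIC_KEY, b"\x04" + bytes(60))
              + new_packet(USER_ID, b"Alice Example <alice@example.invalid>")
              + SELF_SIG)
HEALTHY_KEY = KEY_PREFIX + THIRD_PARTY_SIG * 3
FLOODED_KEY = KEY_PREFIX + THIRD_PARTY_SIG * 1500 + PARTIAL_SIG

if __name__ == "__main__":
    for name, blob in (("healthy", HEALTHY_KEY), ("flooded", FLOODED_KEY)):
        counts = packet_counts(blob)
        summary = ", ".join(f"{TAG_NAMES.get(t, t)}={c}" for t, c in sorted(counts.items()))
        print(f"{name}: {summary} -> {'REJECT' if is_flooded(blob) else 'ok'}")
```

Run a real export through it with `gpg --export <fingerprint> | python3 check.py` style plumbing after replacing the constructed blobs, or compare its count with `gpg --list-packets`. GnuPG itself shipped a mitigation after the incident: version 2.2.17 added the `self-sigs-only` import option and applies it by default to keys fetched from keyservers, so third-party certifications are dropped on import; that is the upstream fix, and the check above is only a pre-filter in front of older versions.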

Worse, OpenPGP keyservers never delete certificate data. This is by design, so that every operation on a certificate can be traced and substitution prevented. As a result, the poisoned elements cannot be removed.

In effect, the SKS network is a huge "file server" that anyone can write to. To illustrate the problem, last year a GitHub user built a filesystem that stores documents on the public-key server network.

Why hasn't the weakness been closed?

There was no pressing reason to. The weakness had not previously been used in attacks, even though the IT community had long been asking the SKS and OpenPGP developers to address it.

To be fair, it should be noted that in June an experimental keyserver, keys.openpgp.org, was launched. It provides protection against attacks of this kind. However, its database is being populated from scratch, and the server itself is not part of SKS, so it will take time before it is fully usable.


As for the bug in the original system, the complex synchronization process stands in the way of a fix. The original keyserver network was written as a proof of concept for Yaron Minsky's PhD thesis, and a rather niche language, OCaml, was chosen for the project. According to maintainer Robert Hansen, the code is hard to understand, so only minor changes are made to it. Fixing the SKS architecture would require rewriting it from scratch.

In any case, the GnuPG developers do not believe the network will ever be fixed. In a post on GitHub, they even wrote that they do not recommend using SKS Keyserver. In fact, this is one of the main reasons they have begun migrating to the new keyserver keys.openpgp.org. We can only watch how events develop.


Source: www.habr.com
