Masu satar bayanan sun yi amfani da wata alama ta ka'idar OpenPGP da aka sani fiye da shekaru goma.
Mun gaya muku abin da batu yake da kuma dalilin da ya sa ba za su iya rufe shi ba.
/Unsplash/
Matsalolin hanyar sadarwa
A tsakiyar watan Yuni, ba a sani ba
Masu satar bayanai sun lalata takaddun shaida na masu kula da aikin GnuPG guda biyu, Robert Hansen da Daniel Gillmor. Load da gurbatattun takaddun shaida daga uwar garken yana haifar da gazawar GnuPG - tsarin yana daskarewa kawai. Akwai dalilai da za a yi imani da cewa maharan ba za su tsaya a nan ba, kuma adadin takaddun shaida da aka yi sulhu zai karu kawai. A halin yanzu, har yanzu ba a san iyakar matsalar ba.
Asalin harin
Masu satar bayanai sun yi amfani da wani rauni a cikin ka'idar OpenPGP. An san ta ga al'umma shekaru da yawa. Ko da akan GitHub
Zaɓuɓɓuka biyu daga shafinmu na Habré:
Dangane da ƙayyadaddun OpenPGP, kowa na iya ƙara sa hannun dijital zuwa takaddun shaida don tabbatar da mai shi. Bugu da ƙari, matsakaicin adadin sa hannu ba a kayyade shi ta kowace hanya. Kuma a nan matsala ta taso - hanyar sadarwar SKS tana ba ku damar sanya sa hannu har zuwa 150 akan takaddun shaida ɗaya, amma GnuPG baya goyan bayan irin wannan lambar. Don haka, lokacin loda takardar shaidar, GnuPG (da sauran ayyukan OpenPGP) yana daskarewa.
Daya daga cikin masu amfani
$ gpg --homedir=$PWD --recv C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
gpg: key F20691179038E5C6: 4 duplicate signatures removed
gpg: key F20691179038E5C6: 54614 signatures not checked due to missing keys
gpg: key F20691179038E5C6: 4 signatures reordered
gpg: key F20691179038E5C6: public key "Daniel Kahn Gillmor <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
$ ls -lh pubring.gpg
-rw-r--r-- 1 filippo staff 17M 2 Jul 16:30 pubring.gpg
Don yin muni, Sabar maɓalli na OpenPGP ba sa cire bayanan takaddun shaida. Anyi wannan ne domin ku iya bin diddigin duk ayyukan tare da takaddun shaida kuma ku hana musanya su. Saboda haka, ba shi yiwuwa a kawar da abubuwan da aka daidaita.
Ainihin, cibiyar sadarwar SKS babbar “uwar garken fayil” ce wacce kowa zai iya rubuta bayanai. Don kwatanta matsalar, a bara mazaunin GitHub
Me yasa ba a rufe raunin ba?
Babu wani dalili na rufe raunin. A baya, ba a yi amfani da shi don hare-haren hacker ba. Ko da yake al'ummar IT
Don yin gaskiya, yana da kyau a lura cewa a cikin Yuni har yanzu suna
/Unsplash/
Dangane da kwaro a tsarin asali, hadadden tsarin aiki tare yana hana gyarawa. Maɓallin cibiyar sadarwar uwar garken asali an rubuta shi azaman hujja na ra'ayi don karatun PhD na Yaron Minsky. Bugu da ƙari, an zaɓi takamaiman harshe, OCaml, don aikin. By
A kowane hali, GnuPG baya yarda cewa cibiyar sadarwar za ta taɓa gyarawa. A cikin wani rubutu akan GitHub, masu haɓakawa har ma sun rubuta cewa ba sa shawarar yin aiki tare da SKS Keyserver. A haƙiƙa, wannan shine ɗayan manyan dalilan da yasa suka fara canzawa zuwa sabbin maɓallan sabis.openpgp.org. Za mu iya kawai kallon ƙarin ci gaban abubuwan da suka faru.
Wasu abubuwa guda biyu daga rukunin yanar gizon mu:
source: www.habr.com