Membobin Ƙungiyar Tsaro ta Google sun buga wani buɗe ɗakin karatu mai tushe, Paranoid, wanda aka ƙera don gano kayan tarihi masu rauni, kamar maɓallan jama'a da sa hannun dijital, waɗanda aka ƙirƙira a cikin kayan aiki masu rauni (HSM) da tsarin software. An rubuta lambar a Python kuma an rarraba ta ƙarƙashin lasisin Apache 2.0.
Aikin na iya zama da amfani a kaikaice don tantance amfani da algorithms da ɗakunan karatu waɗanda suka san gibi da lahani waɗanda ke shafar amincin maɓallan da aka ƙirƙira da sa hannu na dijital idan kayan aikin da ake tabbatar da su an samar da su ta hanyar kayan aikin da ba za a iya isa ba ko rufaffiyar abubuwan da ke cikin akwatin baƙar fata. Har ila yau ɗakin ɗakin karatu na iya yin nazari akan jerin lambobin pseudorandom don amincin janaretansu, kuma daga tarin tarin kayan tarihi, gano matsalolin da ba a san su ba a baya da suka taso daga kurakuran shirye-shirye ko amfani da na'urorin ƙididdiga masu ƙima.
Lokacin duba abubuwan da ke cikin log ɗin jama'a na CT (Certificate Transparency) ta amfani da ɗakin karatu da aka tsara, wanda ya haɗa da bayanai game da takaddun shaida fiye da biliyan 7, ba a sami maɓallan jama'a masu matsala dangane da lanƙwasa elliptic (EC) da sa hannun dijital bisa ga ECDSA algorithm. amma an sami maɓallan jama'a masu matsala bisa tushen RSA algorithm. Musamman ma, an gano maɓallan 3586 waɗanda ba a amince da su ba waɗanda aka ƙirƙira ta lamba tare da rashin daidaituwar CVE-2008-0166 a cikin kunshin OpenSSL don Debian, maɓallan 2533 da ke da alaƙa da raunin CVE-2017-15361 a cikin ɗakin karatu na Infineon, da kuma 1860 raunin da ke da alaƙa da neman babban mai rarraba gama gari (GCD). An aika bayanai game da takaddun shaida masu matsala waɗanda suka rage a aiki ga hukumomin ba da takaddun shaida don soke su.
source: budenet.ru