ExpressVPN ta sanar da aiwatar da tushen bude hanyar ka'idar Lightway, wanda aka tsara don cimma ƙarancin lokacin saitin haɗin gwiwa yayin kiyaye babban matakin tsaro da aminci. An rubuta lambar a cikin harshen C kuma an rarraba ta ƙarƙashin lasisin GPLv2. Yin aiwatarwa yana da ɗanɗano sosai kuma ya dace da layin lamba dubu biyu. An ayyana goyan bayan Linux, Windows, macOS, iOS, dandamali na Android, masu tuƙi (Asus, Netgear, Linksys) da masu bincike. Taro yana buƙatar amfani da tsarin haɗin duniya da na Ceedling. An shirya aiwatarwa azaman ɗakin karatu wanda zaku iya amfani da shi don haɗa abokin ciniki na VPN da ayyukan uwar garke cikin aikace-aikacenku.
Lambar tana amfani da aikin da aka riga aka gina, ingantattun ayyukan sirrin da ɗakin karatu na wolfSSL ya samar, wanda aka riga aka yi amfani dashi a cikin ƙwararrun hanyoyin FIPS 140-2. A cikin yanayin al'ada, ƙa'idar tana amfani da UDP don watsa bayanai da DTLS don ƙirƙirar tashar sadarwar rufaffiyar. A matsayin zaɓi don tabbatar da aiki akan cibiyoyin sadarwa na UDP marasa aminci ko ƙuntatawa, uwar garken yana samar da mafi aminci, amma a hankali, yanayin yawo wanda ke ba da damar canja wurin bayanai akan TCP da TLSv1.3.
Gwaje-gwajen da ExpressVPN ya gudanar ya nuna cewa idan aka kwatanta da tsofaffin ladabi (ExpressVPN yana goyan bayan L2TP/IPSec, OpenVPN, IKEv2, PPTP, WireGuard da SSTP, amma bai dalla-dalla abin da aka kwatanta daidai ba), canzawa zuwa Lightway ya rage lokacin saitin haɗin kai akan matsakaicin sau 2.5 (a cikin). fiye da rabin lokuta ana ƙirƙirar tashar sadarwa cikin ƙasa da daƙiƙa). Sabuwar yarjejeniya ta kuma ba da damar rage adadin katse haɗin yanar gizo da kashi 40 cikin ɗari a cikin hanyoyin sadarwar wayar hannu marasa aminci waɗanda ke da matsala ta ingancin sadarwa.
Za a aiwatar da ci gaban aiwatar da aiwatar da ƙa'idar akan GitHub, tare da damar wakilan al'umma don shiga cikin ci gaba (don canja wurin canje-canje, dole ne ku sanya hannu kan yarjejeniyar CLA akan canja wurin haƙƙin mallaka zuwa lambar). Hakanan ana gayyatar sauran masu ba da sabis na VPN don ba da haɗin kai, saboda suna iya amfani da ƙa'idar da aka tsara ba tare da hani ba.
An tabbatar da tsaron aikin ne sakamakon wani bincike mai zaman kansa da Cure53 ya yi, wanda a lokaci guda ya bincika NTPsec, SecureDrop, Cryptocat, F-Droid da Dovecot. Binciken ya ƙunshi tabbatar da lambobin tushe kuma ya haɗa da gwaje-gwaje don gano yiwuwar lahani (ba a yi la'akari da batutuwan da suka shafi cryptography ba). Gabaɗaya, an ƙididdige ingancin lambar a matsayin mai girma, amma, duk da haka, gwajin ya nuna lahani guda uku waɗanda za su iya haifar da ƙin sabis, da lahani ɗaya wanda ke ba da damar yin amfani da ƙa'idar azaman haɓakar zirga-zirga yayin harin DDoS. An riga an gyara waɗannan matsalolin, kuma an yi la'akari da maganganun inganta lambar. Har ila yau, binciken ya dubi sanannun lahani da batutuwa a cikin abubuwan da suka shafi ɓangare na uku, kamar libdnet, WolfSSL, Unity, Libuv da lua-crypt. Matsalolin galibi ƙanana ne, ban da MITM a cikin WolfSSL (CVE-2021-3336).
source: budenet.ru