Details disclosed of a new attack (CVE-2020-1968) on the TLS protocol, named Raccoon
The attack, under rare circumstances, allows an adversary to determine the premaster secret, which can then be used to compromise TLS connections, including HTTPS, in a man-in-the-middle (MITM) setting. It is noted that the attack is very difficult to carry out in practice and is primarily of theoretical significance. Mounting it requires a specific TLS server configuration and the ability to measure the server's processing time very precisely.
The issue lies directly in the TLS specification and affects only connections that use cipher suites based on the DH key exchange (Diffie-Hellman, TLS_DH_*). ECDH cipher suites are not affected and remain secure. Only TLS protocol versions up to and including 1.2 are vulnerable; TLS 1.3 is not affected. Vulnerable are those TLS implementations that reuse the same DH private key across different TLS connections (this behaviour was observed on roughly 4.4% of the servers in the Alexa Top 1M ranking).
In OpenSSL 1.0.2e and earlier releases, the DH private key is reused for all of a server's connections unless the SSL_OP_SINGLE_DH_USE option is set explicitly. Starting with OpenSSL 1.0.2f, the DH private key is reused only when static DH cipher suites are in use ("DH-*", for example "DH-RSA-AES256-SHA"). OpenSSL 1.1.1 does not exhibit this weakness, since that branch neither reuses the DH private key nor supports static DH cipher suites.
With the DH key exchange method, both ends of the connection generate random private keys (private key "a" and private key "b"), from which the public keys (g^a mod p and g^b mod p) are computed. After exchanging public keys, each side computes the premaster secret (g^ab mod p), from which the session keys are derived. The Raccoon attack allows the premaster secret to be determined through side-channel analysis, exploiting the fact that the TLS specifications up to version 1.2 require all leading zero bytes of the premaster secret to be discarded before it is used in further computations.
Among other things, the truncated premaster secret is passed to the session key derivation function, which relies on hash functions whose latency varies with the data being processed. By precisely measuring how long the server takes to perform the relevant operations, an attacker obtains oracles that reveal whether the premaster secret begins with a zero byte or not. For example, the attacker can intercept the public key (g^a) sent by the client, replay it to the server, and determine whether the resulting premaster secret starts with zero.
On its own, learning one byte of the secret yields nothing, but by intercepting the value "g^a" transmitted by the client during the handshake, the attacker can construct a set of other values related to "g^a" and send them to the server in separate handshake sessions. By forming and sending values of the form "g^ri * g^a", the attacker can, by analysing the changes in the latency of the server's responses, determine which values lead to premaster secrets that start with zero. Having collected such values, the attacker can build a system of equations and compute the original premaster secret.
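The mechanism described above, as an added illustration rather than code from the article or from any TLS library: a toy DH exchange over the Mersenne prime 2^127 - 1 (constructed here; real groups are 1024 bits and up), the TLS 1.2 leading-zero stripping next to the fixed-length encoding used by TLS 1.3, the yes/no question the side channel answers, and why a server that reuses its DH private key (the SSL_OP_SINGLE_DH_USE case) is the one that gives a replayed g^a anything to work with. The class and function names are this example's own.

```python
import secrets

# Toy group, constructed for this example: 2^127 - 1 is prime. Only the size differs
# from real TLS groups; the encoding rules below are the ones from the specifications.
P = 2**127 - 1
G = 5                                    # generator; do not use 2, whose order mod P is only 127
P_BYTES = (P.bit_length() + 7) // 8      # 16 bytes, the byte length of p

def keypair() -> tuple[int, int]:
    """Random private exponent and the matching public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared(own_private: int, peer_public: int) -> int:
    """Z = g^ab mod p, computed from one side's private key and the other side's public key."""
    return pow(peer_public, own_private, P)

def premaster_tls12(z: int) -> bytes:
    """TLS <= 1.2 (RFC 5246, section 8.1.2): every leading zero byte of Z is stripped, so the
    premaster secret handed to the PRF gets shorter whenever Z starts with a zero byte."""
    return z.to_bytes((z.bit_length() + 7) // 8, "big")

def premaster_fixed(z: int) -> bytes:
    """TLS 1.3 (RFC 8446, section 7.4.1): Z is left-padded with zeros to the byte length of p,
    so the PRF input has constant length and its size leaks nothing about the leading byte."""
    return z.to_bytes(P_BYTES, "big")

def leading_zero_oracle(z: int) -> bool:
    """The bit the side channel reveals: did the TLS 1.2 encoding lose a leading zero byte,
    i.e. is Z < 2^(8*(P_BYTES-1))? With the fixed-length encoding this question has no answer."""
    return len(premaster_tls12(z)) < P_BYTES

class Server:
    """Server whose DH private key is either kept for the process lifetime (the vulnerable
    configuration, like OpenSSL 1.0.2e without SSL_OP_SINGLE_DH_USE) or fresh per handshake."""
    def __init__(self, reuse_private_key: bool):
        self.reuse = reuse_private_key
        self._b = secrets.randbelow(P - 2) + 1

    def handshake(self, client_public: int) -> int:
        if not self.reuse:
            self._b = secrets.randbelow(P - 2) + 1
        return dh_shared(self._b, client_public)

def replay_gives_same_secret(server: Server, client_public: int) -> bool:
    """Replaying an intercepted g^a reproduces the same premaster secret only when the server
    reuses b; with a fresh b every handshake, the oracle answers about an unrelated value."""
    return server.handshake(client_public) == server.handshake(client_public)
```

A server that generates a fresh DH private key per handshake (or that only offers ECDHE / TLS 1.3) makes the oracle useless, which is exactly the dividing line the 4.4% figure above draws.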

OpenSSL rated the vulnerability as low severity, and the fix consisted of moving the problematic "TLS_DH_*" cipher suites, in release 1.0.2w, into the "weak-ssl-ciphers" category, which is disabled by default. Mozilla's developers did the same, disabling the DH and DHE cipher suites in the NSS library used by Firefox; starting with Firefox 78, the problematic cipher suites are turned off. Chrome dropped support for DH back in 2016. The BearSSL, BoringSSL, Botan, Mbed TLS and s2n libraries are not affected by the issue, since they do not support DH cipher suites or their variants.
A separate, additional problem () has been noted in the TLS stack of F5 BIG-IP devices, which makes the attack more realistic. Specifically, the devices were found to behave anomalously when the premaster secret begins with a zero byte, and this behaviour can be used in place of precise latency measurements of the computation.
Source: opennet.ru
