Vulnerability in TLS allows the key to be determined for connections based on DH ciphers

Information has been disclosed about a new vulnerability (CVE-2020-1968) in the TLS protocol, codenamed Raccoon, which in rare circumstances allows the primary (pre-master) key to be determined. That key can then be used to decrypt TLS connections, including HTTPS, when transit traffic is intercepted (MITM). It is noted that the attack is very difficult to carry out in practice and is more theoretical in nature. The attack requires a specific TLS server configuration and the ability to measure the server's processing time very accurately.

The problem is present directly in the TLS specification and affects only connections that use ciphers based on the DH key exchange protocol (Diffie-Hellman, TLS_DH_*). With ECDH ciphers the problem does not occur and they remain secure. Only TLS protocols up to version 1.2 are vulnerable; TLS 1.3 is not affected. The vulnerability manifests in TLS implementations that reuse the DH secret key across different TLS connections (this behavior is observed on about 4.4% of the Alexa Top 1M servers).

In OpenSSL 1.0.2e and earlier releases, the primary DH key is reused across all server connections unless the SSL_OP_SINGLE_DH_USE option is set explicitly. Since OpenSSL 1.0.2f, the primary DH key is reused when static DH ciphers are used ("DH-*", for example "DH-RSA-AES256-SHA"). The vulnerability does not appear in OpenSSL 1.1.1, since this branch does not use a primary DH key and does not use static DH ciphers.

When the DH key exchange method is used, both sides of the connection generate random private keys (hereafter key "a" and key "b"), from which the public keys (g^a mod p and g^b mod p) are computed and sent. After each side has received the other's public key, a shared primary key (g^ab mod p) is computed, which is used to generate the session keys. The Raccoon attack allows the primary key to be determined through side-channel analysis, based on the fact that the TLS specifications up to version 1.2 require all leading zero bytes of the primary key to be discarded before the calculations that involve it.

The truncated primary key is then passed to the session key generation function, which is based on hash functions that take different amounts of time to process different data. Accurately measuring the timing of the key operations performed by the server allows an attacker to identify clues (an oracle) that make it possible to judge whether or not the primary key starts with zero. For example, an attacker can intercept the public key (g^a) sent by the client, retransmit it to the server and determine whether the resulting primary key starts with zero.
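The following Python sketch is an added example, not code from the original article or from OpenSSL. It contrasts the TLS 1.2 rule of stripping leading zero bytes from the DH shared secret with the fixed-length encoding used by TLS 1.3, and shows why a reused server DH key makes the result repeatable for a given client value. The 32-bit toy group, the `ToyServer` class and all key values are constructed assumptions.

```python
# Added illustration: toy 32-bit group; all keys below are constructed values.
import secrets

P = 0xFFFFFFFB                      # prime 2**32 - 5; real TLS groups are >= 2048 bits
G = 2
P_LEN = (P.bit_length() + 7) // 8   # byte length of the prime (4 here)


def random_private():
    return secrets.randbelow(P - 2) + 1


def premaster_tls12(peer_pub, priv):
    """TLS <= 1.2 (RFC 5246, 8.1.2): leading zero bytes of Z are stripped."""
    z = pow(peer_pub, priv, P)
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")


def shared_secret_tls13(peer_pub, priv):
    """TLS 1.3 (RFC 8446, 7.4.1): Z is left-padded to the length of the prime."""
    z = pow(peer_pub, priv, P)
    return z.to_bytes(P_LEN, "big")


class ToyServer:
    """Hypothetical server model; single_dh_use mirrors SSL_OP_SINGLE_DH_USE."""

    def __init__(self, single_dh_use):
        self.single_dh_use = single_dh_use
        self._priv = random_private()

    def handshake(self, client_pub):
        if self.single_dh_use:
            self._priv = random_private()   # fresh DH key for every connection
        return premaster_tls12(client_pub, self._priv)


def length_histogram(server_priv, samples=20000):
    """Lengths of the TLS 1.2 pre-master secret over random client keys."""
    hist = {}
    for _ in range(samples):
        client_pub = pow(G, random_private(), P)
        n = len(premaster_tls12(client_pub, server_priv))
        hist[n] = hist.get(n, 0) + 1
    return hist


if __name__ == "__main__":
    print(length_histogram(random_private()))   # about 1 in 256 secrets is shorter
```

With `single_dh_use=True` the same client value yields a different secret on every connection, so the length of one result says nothing about the next.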

By itself, determining one byte of the key gives nothing, but by intercepting the value "g^a" transmitted by the client during connection negotiation, the attacker can generate a set of other values related to "g^a" and send them to the server in separate connection negotiation sessions. By generating and sending the values "g^ri * g^a", the attacker can, by analyzing changes in the delays of the server's responses, determine the values that lead to primary keys starting with zero. Having determined such values, the attacker can construct a set of equations for solving the hidden number problem and compute the original primary key.


OpenSSL has assigned the vulnerability a low severity level, and the fix was reduced to moving the problematic "TLS_DH_*" ciphers in release 1.0.2w to the category of ciphers with insufficient protection ("weak-ssl-ciphers"), which is disabled by default. The Mozilla developers did the same, disabling the DH and DHE cipher suites in the NSS library used in Firefox. Since Firefox 78, the problematic ciphers are disabled. Chrome support for DH was discontinued in 2016. The BearSSL, BoringSSL, Botan, Mbed TLS and s2n libraries are not affected by the problem because they do not support DH ciphers or the static variants of DH ciphers.

A separate additional problem (CVE-2020-5929) is noted in the TLS stack of F5 BIG-IP devices, which makes the attack more realistic. In particular, deviations were found in the behavior of the devices when a zero byte is present at the start of the primary key, and these can be used instead of measuring the exact latency of the computations.

source: budenet.ru
