Post-mortem: what is known about the latest attack on the SKS Keyserver network of crypto key servers

The attackers used a feature of the OpenPGP protocol that has been known for ten years.

We explain what the issue is and why it cannot be closed.


Network problems

In mid-June, unknown attackers carried out an attack on the SKS Keyserver network of cryptographic key servers, which is built on the OpenPGP protocol. OpenPGP is an IETF standard (RFC 4880) used to encrypt email and other messages. The SKS network was created thirty years ago to distribute public certificates. Tools such as GnuPG, which encrypts data and creates electronic digital signatures, connect to it.

The attackers poisoned the certificates of two GnuPG project maintainers, Robert Hansen and Daniel Gillmor. Loading a poisoned certificate from the server causes GnuPG to fail: the system simply hangs. There is reason to believe the attackers will not stop there, and that the number of poisoned certificates will only grow. For now, the scale of the problem is unknown.

The essence of the attack

The attackers exploited a weakness in the OpenPGP protocol. The community has known about it for many years, and the corresponding exploits can even be found on GitHub. But so far no one has taken responsibility for closing the "hole" (we discuss the reasons in more detail below).


According to the OpenPGP specification, anyone can add digital signatures to a certificate to attest to its owner. Moreover, the maximum number of signatures is not regulated in any way. And here is the problem: the SKS network allows up to 150 thousand signatures to be placed on a single certificate, but GnuPG does not support that many. As a result, GnuPG (like other OpenPGP implementations) hangs when it loads the certificate.

One user ran an experiment: importing the certificate took him about 10 minutes. The certificate carried more than 54 thousand signatures and weighed 17 MB:

$ gpg --homedir=$PWD --recv C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
gpg: key F20691179038E5C6: 4 duplicate signatures removed
gpg: key F20691179038E5C6: 54614 signatures not checked due to missing keys
gpg: key F20691179038E5C6: 4 signatures reordered
gpg: key F20691179038E5C6: public key "Daniel Kahn Gillmor <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
$ ls -lh pubring.gpg
-rw-r--r--  1 filippo  staff    17M  2 Jul 16:30 pubring.gpg

To make matters worse, OpenPGP key servers do not delete certificate information. This is done so that the chain of all actions on a certificate can be traced and substitution prevented. As a result, the poisoned material cannot be removed.

In essence, the SKS network is a large "file server" to which anyone can write data. To illustrate the problem, last year a GitHub user created a file system that stores documents on the network of cryptographic key servers.

Why was the vulnerability not closed?

There was no pressing reason to close the vulnerability: it had not previously been used in attacks. This is despite the IT community having long asked the SKS and OpenPGP developers to pay attention to the problem.

In fairness, it should be noted that an experimental key server, keys.openpgp.org, was launched in June. It provides protection against attacks of this type. However, its database was populated from scratch, and the server itself is not part of SKS. So it will take time before it can be used.


As for the bug in the original system, a complex synchronization mechanism prevents it from being fixed. The key server was originally written as a proof of concept for Yaron Minsky's PhD thesis, and a rather specific language, OCaml, was chosen for the work. According to maintainer Robert Hansen, the code is difficult to understand, so only minor fixes are made to it. Changing the SKS architecture would mean rewriting it from scratch.

In any case, GnuPG does not expect the network to ever be fixed. In a post on GitHub, the developers wrote that they do not recommend working with SKS Keyserver. In fact, this is one of the main reasons they initiated the move to the new service, keys.openpgp.org. We can only watch how events develop.


Source: www.habr.com
