Google has published a library for identifying problematic cryptographic keys

Members of the Google Security Team have published an open-source library, Paranoid, designed to identify weak cryptographic artifacts, such as public keys and digital signatures, that were generated by vulnerable hardware (HSM) and software systems. The code is written in Python and distributed under the Apache 2.0 license.

The project can be useful for indirectly assessing whether algorithms and libraries with known flaws and vulnerabilities were used, where those flaws affect the reliability of the generated keys and digital signatures and the artifacts being checked come from hardware that cannot be inspected or from closed components that are a black box. The library can also analyze sets of pseudorandom numbers to judge the reliability of their generator and, given a large collection of artifacts, identify previously unknown problems that arise from programming errors or from the use of unreliable pseudorandom number generators.

When the contents of the public CT (Certificate Transparency) log, which holds information on more than 7 billion certificates, were checked with the library, no problematic public keys based on elliptic curves (EC) and no problematic digital signatures based on the ECDSA algorithm were found, but problematic public keys based on the RSA algorithm were found. In particular, the check identified 3586 untrustworthy keys generated by code with the unfixed vulnerability CVE-2008-0166 in the OpenSSL package for Debian, 2533 keys affected by the vulnerability CVE-2017-15361 in the Infineon library, and 1860 keys with a weakness found by computing the greatest common divisor (GCD). Information about the problematic certificates still in use was sent to the certificate authorities so that they could be revoked.
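The GCD finding above can be reproduced on a key inventory of your own. The following is an added example, not Paranoid's code or API: it uses the standard product-tree and remainder-tree form of batch GCD, which goes beyond the pairwise check the text implies so that it scales to large collections. The function names and the sample moduli (toy values built from Mersenne primes) are constructed for illustration.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of pairwise products: leaves first, root (product of all) last."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree

def shared_factor_report(moduli):
    """Map index -> common factor for each modulus that shares one with the rest.

    A factor equal to the modulus itself means the modulus occurs twice, or
    that each of its primes also appears in some other modulus.
    """
    if len(moduli) < 2:
        return {}
    tree = product_tree(moduli)
    rems = tree.pop()                     # root level: [P], P = product of all
    while tree:                           # remainder tree: P mod n^2 per node
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    report = {}
    for i, (n, r) in enumerate(zip(moduli, rems)):
        g = gcd(n, r // n)                # r // n == (P / n) mod n
        if g > 1:
            report[i] = g
    return report

# Constructed sample input: toy moduli built from Mersenne primes.
M17, M19, M31 = 2**17 - 1, 2**19 - 1, 2**31 - 1
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1
SAMPLE_MODULI = [
    M61 * M89,    # 0: shares M61 with entry 2
    M31 * M107,   # 1: no shared factor
    M61 * M127,   # 2: shares M61 with entry 0
    M17 * M19,    # 3: same modulus as entry 4
    M17 * M19,    # 4: same modulus as entry 3
]

if __name__ == "__main__":
    for idx, factor in sorted(shared_factor_report(SAMPLE_MODULI).items()):
        kind = "whole modulus covered" if factor == SAMPLE_MODULI[idx] else "shared prime"
        print(f"modulus #{idx}: {kind}, rotate this key")
```

Any key flagged here should be treated as compromised and replaced, because a shared prime means the generator that produced it did not have enough entropy.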



Source: opennet.ru
