Release of hostapd and wpa_supplicant 2.10

After a year and a half of development, the release of hostapd/wpa_supplicant 2.10 has been prepared. It is a suite supporting the IEEE 802.1X, WPA, WPA2, WPA3 and EAP wireless protocols, consisting of the wpa_supplicant application for connecting to a wireless network as a client and the hostapd background process, which provides the operation of an access point and an authentication server and includes components such as the WPA Authenticator, a RADIUS authentication client/server and an EAP server. The project's source code is distributed under the BSD license.

In addition to functional changes, the new version blocks a new side-channel attack vector affecting the SAE (Simultaneous Authentication of Equals) connection negotiation method and the EAP-pwd protocol. An attacker who is able to execute unprivileged code on the system of a user connecting to a wireless network can, by monitoring activity on that system, obtain information about characteristics of the password and use it to simplify offline password guessing. The problem is caused by information about the characteristics of the password leaking through side channels, which makes it possible, from indirect data such as changes in the delay of operations, to check whether parts of the password were chosen correctly while guessing it.

Unlike the similar problems fixed in 2019, the new vulnerability is caused by the fact that the external cryptographic primitives used in the crypto_ec_point_solve_y_coord() function did not provide a constant execution time regardless of the nature of the data being processed. By analysing the behaviour of the processor cache, an attacker able to run unprivileged code on the same processor core could obtain information about the progress of password operations in SAE/EAP-pwd. The problem affects all versions of wpa_supplicant and hostapd compiled with support for SAE (CONFIG_SAE=y) and EAP-pwd (CONFIG_EAP_PWD=y).

Other changes in the new releases of hostapd and wpa_supplicant:

  • Added the ability to build with the OpenSSL 3.0 cryptographic library.
  • The Beacon Protection mechanism proposed in the WPA3 specification update has been implemented; it is designed to protect against active attacks on the wireless network that manipulate changes in Beacon frames.
  • Added support for DPP 2 (Wi-Fi Device Provisioning Protocol), which defines the public-key authentication method used in the WPA3 standard for simplified configuration of devices without an on-screen interface. Setup is carried out using another, more advanced device that is already connected to the wireless network. For example, the parameters of an IoT device without a screen can be set from a smartphone based on a snapshot of a QR code printed on the case.
  • Added support for Extended Key ID (IEEE 802.11-2016).
  • Support for the SAE-PK (SAE Public Key) security mechanism has been added to the implementation of the SAE connection negotiation method. A mode for sending confirmation immediately has been implemented, enabled by the "sae_config_immediate=1" option, along with the hash-to-element mechanism, enabled when the sae_pwe parameter is set to 1 or 2.
  • The EAP-TLS implementation has added support for TLS 1.3 (disabled by default).
  • Added new settings (max_auth_rounds, max_auth_rounds_short) to change the limits on the number of EAP messages in the authentication process (changing the limits may be required when using very large certificates).
  • Added support for the PASN (Pre Association Security Negotiation) mechanism for establishing a secure connection and protecting the exchange of control frames at an early stage of the connection.
  • The Transition Disable mechanism has been implemented, which lets you decide on the roaming mode that allows switching between access points as you move, in order to improve security.
  • Support for the WEP protocol is excluded from default builds (rebuilding with the CONFIG_WEP=y option is required to restore WEP support). Legacy functionality related to the Inter-Access Point Protocol (IAPP) has been removed. Support for libnl 1.1 has been dropped. Added the CONFIG_NO_TKIP=y build option for building without TKIP support.
  • Fixed vulnerabilities in the UPnP implementation (CVE-2020-12695), in the P2P/Wi-Fi Direct handler (CVE-2021-27803) and in the PMF protection mechanism (CVE-2019-16275).
  • hostapd-specific changes include added support for HEW (High-Efficiency Wireless, IEEE 802.11ax) wireless networks, including the ability to use the 6 GHz frequency band.
  • Changes specific to wpa_supplicant:
    • Added support for access point mode settings for SAE (WPA3-Personal).
    • P802.11P mode support is implemented for EDMG channels (IEEE 802.11ay).
    • Improved throughput estimation and BSS selection.
    • The D-Bus control interface has been extended.
    • A new backend has been added for storing passwords in a separate file, allowing sensitive information to be removed from the main configuration file.
    • Added new policies for SCS, MSCS and DSCP.
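
The build options named above (CONFIG_SAE, CONFIG_EAP_PWD, CONFIG_WEP, CONFIG_NO_TKIP) can be checked against a deployed build. The following is an added example, not code from the article or from the hostapd project; the version banner format and the sample .config are constructed assumptions.

```python
import re

FIXED = (2, 10)  # release the article says blocks the SAE/EAP-pwd side channel

# Constructed sample inputs (not taken from any real system).
SAMPLE_BANNER = "wpa_supplicant v2.9"
SAMPLE_CONFIG = """\
# build-time .config
CONFIG_DRIVER_NL80211=y
CONFIG_SAE=y
#CONFIG_EAP_PWD=y
CONFIG_EAP_TLS=y
"""

def parse_version(banner):
    """Return (major, minor) from a banner like 'hostapd v2.10' (format assumed)."""
    m = re.search(r"\bv?(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version in {banner!r}")
    return int(m.group(1)), int(m.group(2))

def enabled_options(config_text):
    """Set of CONFIG_* options set to 'y'; commented-out lines are ignored."""
    enabled = set()
    for line in config_text.splitlines():
        active = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"(CONFIG_\w+)\s*=\s*y", active)
        if m:
            enabled.add(m.group(1))
    return enabled

def audit(banner, config_text):
    """Return a list of (option, finding) pairs for the build described."""
    version, on = parse_version(banner), enabled_options(config_text)
    findings = []
    if version < FIXED:  # tuple compare: 2.9 < 2.10, which a string compare gets wrong
        for opt in ("CONFIG_SAE", "CONFIG_EAP_PWD"):
            if opt in on:
                findings.append((opt, "pre-2.10 build with the cache side channel; update"))
    else:
        if "CONFIG_WEP" in on:
            findings.append(("CONFIG_WEP", "WEP was re-enabled at build time"))
        if "CONFIG_NO_TKIP" not in on:
            findings.append(("CONFIG_NO_TKIP", "TKIP is still compiled in"))
    return findings

if __name__ == "__main__":
    for opt, msg in audit(SAMPLE_BANNER, SAMPLE_CONFIG):
        print(f"{opt}: {msg}")
```

Distribution packages may carry the fix as a backport under an older version number, so a pre-2.10 hit is a prompt to check the package changelog rather than proof of exposure.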

Source: opennet.ru
