A method for finding collisions in SHA-1, suitable for attacking PGP, has been proposed

Researchers from the French National Institute for Research in Informatics and Automation (INRIA) and Nanyang Technological University (Singapore) have presented the Shambles attack (PDF), which is touted as the first practical implementation of an attack on the SHA-1 algorithm that can be used to create forged PGP and GnuPG digital signatures. The researchers believe that all practical attacks on MD5 can now be applied to SHA-1, although they still require significant resources to carry out.

The method is based on a chosen-prefix collision attack, which makes it possible to select suffixes for two arbitrary data sets such that, once they are appended, the resulting sets collide: applying the SHA-1 algorithm to them produces the same resulting hash. In other words, for two existing documents, two suffixes can be computed, and if one is appended to the first document and the other to the second, the resulting SHA-1 hashes for these files will be identical.

The new method differs from earlier, similar techniques in that it makes the collision search more efficient and demonstrates a practical application for attacking PGP. In particular, the researchers were able to prepare two PGP public keys of different sizes (RSA-8192 and RSA-6144) with different user IDs and with certificates that produce a SHA-1 collision. The first key included the victim's ID, and the second key included the attacker's name and image. Moreover, thanks to the collision search, the key-identifying certificate that includes the key and the attacker's image had the same SHA-1 hash as the identification certificate that includes the victim's key and name.

The attacker can request a digital signature for his key and image from a third-party certification authority, and then transfer that signature to the victim's key. The digital signature remains valid because of the collision and because the certification authority verified the attacker's key, which allows the attacker to gain control of a key bearing the victim's name (since the SHA-1 hash for both keys is the same). As a result, the attacker can impersonate the victim and sign any document on the victim's behalf.

The attack is still very expensive, but it is already well within reach of intelligence services and large corporations. For a simple collision search using cheaper NVIDIA GTX 970 GPUs, the cost is 11 thousand dollars, and for a chosen-prefix collision search it is 45 thousand dollars (for comparison, in 2012 the cost of finding a collision in SHA-1 was estimated at 2 million dollars, and in 2015 at 700 thousand). Carrying out the attack on PGP took two months of computation on 900 NVIDIA GTX 1060 GPUs, the rental of which cost the researchers $75.

The collision search method proposed by the researchers is roughly a 10-fold improvement over previous results: the complexity of a collision search was reduced to 2^61.2 operations instead of 2^64.7, and that of a chosen-prefix collision to 2^63.4 operations instead of 2^67.1. The researchers recommend switching from SHA-1 to SHA-256 or SHA-3 as soon as possible, since they estimate that the cost of the attack will fall to $10 by 2025.

The GnuPG developers were notified of the problem on October 1 (CVE-2019-14855) and took action to block the problematic certificates on November 25 in the GnuPG 2.2.18 release: all SHA-1 digital identity signatures created after January 19 of last year are now treated as invalid. CAcert, one of the main certification authorities for PGP keys, plans to switch to more secure hash functions for key certification. The OpenSSL developers, in response to information about the new attack method, decided to disable SHA-1 at the default first security level (SHA-1 cannot be used for certificates and digital signatures during connection negotiation).
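The cutoff rule described above can be used to audit a keyring for certifications that still depend on SHA-1. The following is an added example, not code from GnuPG or from the researchers: it parses a constructed listing in the layout of `gpg --with-colons --list-sigs`, and the 2019 cutoff year, the sample key IDs and the function names are assumptions made for illustration.

```python
from datetime import datetime, timezone

SHA1 = "2"                                # OpenPGP hash algorithm ID of SHA-1
CERT_CLASSES = {"10", "11", "12", "13"}   # user-ID certification signature classes
# Assumption: "January 19 of last year" in the text is taken to mean 2019-01-19.
CUTOFF = datetime(2019, 1, 19, tzinfo=timezone.utc)

# Constructed sample listing; key IDs and user IDs are made up.
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scESC::::::23::0:
uid:-::::1500000000::0000::Alice Example <alice@example.org>::::::::::0:
sig:::1:AAAAAAAAAAAAAAAA:1500000000::::Alice Example <alice@example.org>:13x:::::8:
sig:::1:BBBBBBBBBBBBBBBB:1530000000::::Old CA <ca@example.org>:10x:::::2:
sig:::1:CCCCCCCCCCCCCCCC:1560000000::::Some CA <ca2@example.org>:10x:::::2:
sig:::1:DDDDDDDDDDDDDDDD:1570000000::::Other CA <ca3@example.org>:13x:::::10:
"""

def _created(field):
    """gpg prints seconds since the epoch, or an ISO 8601 basic timestamp with a 'T'."""
    if "T" in field:
        return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def audit_sha1_certifications(listing, cutoff=CUTOFF):
    """Return one dict per SHA-1 certification: certified key, signer, date, verdict."""
    findings, key_id = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            key_id = f[4]                 # field 5: ID of the key being certified
        elif f[0] == "sig" and len(f) > 15 and f[5]:
            # field 11: signature class, field 16: hash algorithm
            if f[10][:2] not in CERT_CLASSES or f[15] != SHA1:
                continue
            made = _created(f[5])         # field 6: signature creation time
            findings.append({
                "key": key_id,
                "signer": f[4],
                "created": made.date().isoformat(),
                # after the cutoff: no longer trusted; before: legacy, plan re-certification
                "verdict": "rejected" if made > cutoff else "legacy",
            })
    return findings

if __name__ == "__main__":
    for item in audit_sha1_certifications(SAMPLE):
        print(item)
```

Entries marked "legacy" predate the cutoff but still rest on SHA-1, so they are candidates for re-certification with SHA-256 or stronger.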

Source: opennet.ru
