Cov kws tshawb fawb los ntawm Fab Kis Lub Tsev Haujlwm Saib Xyuas Kev Tshawb Fawb hauv Informatics thiab Automation (INRIA) thiab Nanyang Technological University (Singapore) tau nthuav tawm txoj kev tawm tsam
Cov txheej txheem yog nyob ntawm kev ua
Txoj kev tshiab txawv ntawm yav dhau los cov tswv yim zoo sib xws los ntawm kev ua kom muaj txiaj ntsig ntawm kev sib tsoo kev tshawb nrhiav thiab ua kom pom cov tswv yim siv rau kev tawm tsam PGP. Tshwj xeeb, cov kws tshawb fawb tau tuaj yeem npaj ob PGP pej xeem cov yuam sij sib txawv (RSA-8192 thiab RSA-6144) nrog cov neeg siv sib txawv thiab nrog cov ntawv pov thawj uas ua rau muaj kev sib tsoo SHA-1.
Tus neeg tawm tsam tuaj yeem thov kos npe digital rau nws tus yuam sij thiab cov duab los ntawm ib tus neeg thib peb daim ntawv pov thawj txoj cai, thiab tom qab ntawd hloov tus lej kos npe rau tus neeg raug tsim txom tus yuam sij. Cov kos npe digital tseem muaj tseeb vim muaj kev sib tsoo thiab kev txheeb xyuas ntawm tus neeg tawm tsam tus yuam sij los ntawm cov ntaub ntawv pov thawj, uas tso cai rau tus neeg tawm tsam kom tau txais kev tswj hwm tus yuam sij nrog tus neeg raug tsim txom lub npe (vim SHA-1 hash rau ob lub yuam sij yog tib yam). Yog li ntawd, tus neeg tawm tsam tuaj yeem ua tus neeg raug tsim txom thiab kos npe rau ib daim ntawv rau nws.
Qhov kev tawm tsam tseem kim heev, tab sis twb muaj nqis heev rau cov kev pabcuam txawj ntse thiab cov tuam txhab loj. Rau kev xaiv kev sib tsoo yooj yim siv tus nqi pheej yig dua NVIDIA GTX 970 GPU, tus nqi yog 11 txhiab las, thiab rau kev xaiv kev sib tsoo nrog cov ntawv sau ua ntej - 45 txhiab daus las (rau kev sib piv, hauv 2012 tus nqi rau kev xaiv kev sib tsoo hauv SHA-1 tau kwv yees. ntawm 2 lab daus las, thiab hauv 2015 - 700 txhiab). Txhawm rau ua qhov kev tawm tsam ntawm PGP, nws siv ob lub hlis ntawm kev suav siv 900 NVIDIA GTX 1060 GPUs, qhov kev xauj tsev uas raug nqi rau cov kws tshawb fawb $ 75.
Txoj kev tshawb nrhiav kev sib tsoo uas tau thov los ntawm cov kws tshawb fawb yog kwv yees li 10 npaug ntau dua li qhov ua tiav dhau los - theem kev sib tsoo ntawm kev sib tsoo raug txo rau 261.2 kev ua haujlwm, tsis yog 264.7, thiab kev sib tsoo nrog cov lus qhia ua ntej rau 263.4 kev ua haujlwm tsis yog 267.1. Cov kws tshawb fawb pom zoo kom hloov los ntawm SHA-1 mus rau kev siv SHA-256 lossis SHA-3 sai li sai tau, vim lawv kwv yees tias tus nqi ntawm kev tawm tsam yuav poob rau $ 2025 los ntawm 10.
Cov neeg tsim khoom GnuPG tau ceeb toom txog qhov teeb meem thaum Lub Kaum Hli 1 (CVE-2019-14855) thiab tau nqis tes los thaiv cov ntawv pov thawj muaj teeb meem thaum lub Kaum Ib Hlis 25 hauv kev tso tawm GnuPG 2.2.18 - tag nrho SHA-1 cov npe digital kos npe tsim tom qab Lub Ib Hlis 19 ntawm xyoo tas los no tam sim no lees paub tias tsis raug. CAcert, ib qho ntawm cov ntawv pov thawj tseem ceeb rau cov yuam sij PGP, npaj yuav hloov mus rau kev siv cov hash ruaj ntseg dua rau cov ntawv pov thawj tseem ceeb. Cov neeg tsim tawm OpenSSL, hauv kev teb rau cov ntaub ntawv hais txog txoj kev tawm tsam tshiab, tau txiav txim siab kaw SHA-1 ntawm lub neej ntawd thawj theem kev ruaj ntseg (SHA-1 tsis tuaj yeem siv rau daim ntawv pov thawj thiab kos npe digital thaum lub sijhawm sib tham sib txuas lus).
Tau qhov twg los: opennet.ru