ProHoster > Блог > ozi ịntanetị > Usoro Mwakpo Ọwa Ọhụrụ iji nwetaghachi igodo ECDSA

Usoro Mwakpo Ọwa Ọhụrụ iji nwetaghachi igodo ECDSA

Ndị nchọpụta si Mahadum. Masaryk kpuchie ozi gbasara adịghị ike na mmemme dị iche iche nke ECDSA/EdDSA dijitalụ mbinye aka okike okike, nke na-enye gị ohere iweghachi uru igodo nzuzo dabere na nyocha nke ntanye nke ozi gbasara ibe n'otu n'otu na-apụta mgbe ị na-eji ụzọ nyocha nke ndị ọzọ. Akpọrọ aha adịghị ike ndị ahụ Minerva.

Ọrụ ndị a kacha mara amara nke usoro mbuso a chọrọ metụtara bụ OpenJDK/OracleJDK (CVE-2019-2894) na ọba akwụkwọ. libgcrypt (CVE-2019-13627) eji na GnuPG. Ọ dịkwa mfe maka nsogbu ahụ MatrixSSL, Crypto++, wolfCrypt, elliptik, jsrsasign, Python-ecdsa, ruby_ecdsa, fastecdsa, mfe-ecc na Athena IDProtect smart kaadị. A nwaleghị ya, mana Valid S/A IDflex V, SafeNet eToken 4300 na TecSec Armored Card Card, nke na-eji ọkọlọtọ ECDSA modul, na-ekwupụtakwa dị ka ndị nwere ike adịghị ike.

Edozila nsogbu ahụ na mwepụta nke libgcrypt 1.8.5 na wolfCrypt 4.1.0, ọrụ ndị fọdụrụ ewepụtabeghị mmelite. Ị nwere ike soro ndozi maka adịghị ike na ngwugwu libgcrypt na nkesa na ibe ndị a: Debian, Ubuntu, RHEL, Fedora, emegheSUSE / SUSE, FreeBSD, Arch.

adịghị ike ọ bụghị susceptible OpenSSL, Botan, mbedTLS na BoringSSL. A nwalebeghị Mozilla NSS, LibreSSL, Nettle, BearSSL, cryptlib, OpenSSL na ọnọdụ FIPS, Microsoft .NET crypto,
libkcapi sitere na Linux kernel, Sodium na GnuTLS.

Nsogbu a na-akpata site n'ikike iji chọpụta ụkpụrụ nke ibe n'otu n'otu n'oge scalar multiplication na elliptical curve arụmọrụ. A na-eji ụzọ ndị na-apụtaghị ìhè, dị ka nleba anya ngụ oge, iji wepụta ozi ntakịrị. Mwakpo chọrọ ohere na-enweghị ohere ịnweta onye ọbịa nke ejiri mbinye aka dijitalụ mee (ọ bụghị ewepụrụ na mwakpo dịpụrụ adịpụ, ma ọ dị nnọọ mgbagwoju anya ma na-achọ nnukwu data maka nyocha, ya mere enwere ike iwere ya na ọ gaghị ekwe omume). Maka nbudata dị ngwaọrụ eji ebuso agha.

N'agbanyeghị nha nke ntapu ahụ dị ntakịrị, maka ECDSA nchọpụta nke ọbụna ntakịrị ole na ole nwere ozi gbasara vector mmalite (enweghị oge) zuru ezu iji mee mwakpo iji nwetaghachi igodo nzuzo niile. Dị ka ndị dere usoro ahụ si kwuo, iji nwetaghachi igodo nke ọma, nyocha nke ọtụtụ narị na ọtụtụ puku mbinye aka dijitalụ emepụtara maka ozi mara onye na-awakpo ahụ zuru ezu. Dịka ọmụmaatụ, a nyochara mbinye aka dijitalụ puku iri na otu site na iji secp90r256 elliptic curve iji chọpụta igodo nzuzo ejiri na Athena IDProtect smart card dabere na mgbawa Inside Secure AT1SC. Ngụkọta oge ọgụ bụ nkeji iri atọ.

isi: opennet.ru

Tinye a comment