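/dev/random is a cryptographically secure pseudorandom number generator (CSPRNG), and it is known to have one annoying problem: blocking. This article explains how that problem is being solved.
Over the past few months the random number generation facilities in the kernel have been reworked slightly, but the problems in this subsystem have been addressed over a much longer period of development.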
Andy Lutomirski published version XNUMX of the patch at the end of month XNUMX. It makes "XNUMX major semantic changes to the Linux random APIs". The patch adds a new GRND_INSECURE flag to the getrandom() system call (although Lutomirski refers to it as getentropy(), which is implemented in glibc using getrandom() with fixed flags). With this flag the call always returns the requested amount of data, but there is no guarantee that the data is random. The kernel simply does its best to produce the best random data it has at that moment. "Probably the best thing to do is to call it 'INSECURE', to keep this API from being used for things that need security."
The patch also removes the blocking pool. The kernel currently maintains XNUMX pools of random data: XNUMX corresponds to /dev/random and the other XNUMX to /dev/urandom, as described in this article.
Removing the blocking pool means that reads from /dev/random behave like getrandom() with the flags set to 0 (and the GRND_RANDOM flag becomes a no-op). Once the cryptographic random number generator (CRNG) is initialized, reads from /dev/random and calls to getrandom(...,XNUMX) do not block and return the requested amount of random data.
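
The flag semantics described above, as an added example (not code from the patch set or from the original article). The helper names `fill_random`, `key_bytes` and `best_effort_bytes` are hypothetical, and the fallback to GRND_NONBLOCK on kernels that reject GRND_INSECURE is a choice made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Linux UAPI flag values, defined here in case the libc headers predate them. */
#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001
#endif
#ifndef GRND_INSECURE
#define GRND_INSECURE 0x0004
#endif

/* Fill buf completely. Returns 0, or -errno. Retries short reads and EINTR. */
static int fill_random(void *buf, size_t len, unsigned int flags)
{
    unsigned char *p = buf;
    while (len > 0) {
        long n = syscall(SYS_getrandom, p, len, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -errno;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Key material: flags = 0 waits only until the CRNG has been initialized. */
static int key_bytes(void *buf, size_t len) { return fill_random(buf, len, 0); }

/* Non-security use only: never blocks. Returns 1 if GRND_INSECURE served the
 * request, 0 if the kernel rejected the flag and GRND_NONBLOCK was used
 * instead (example's assumption), or -errno (e.g. -EAGAIN early in boot). */
static int best_effort_bytes(void *buf, size_t len)
{
    int rc = fill_random(buf, len, GRND_INSECURE);
    if (rc == 0) return 1;
    if (rc != -EINVAL) return rc;
    return fill_random(buf, len, GRND_NONBLOCK);
}

int main(void)
{
    unsigned char key[32], filler[16];
    printf("key_bytes=%d best_effort_bytes=%d\n",
           key_bytes(key, sizeof key), best_effort_bytes(filler, sizeof filler));
    return 0;
}
```
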
Lutomirski said: "I believe that the Linux blocking pool has become obsolete. The Linux CRNG generates output that is good enough to use even for key generation. The blocking pool is not stronger in any material sense, and supporting it requires a lot of infrastructure of dubious value."
The changes were made with the aim of ensuring that existing programs are not really affected; in fact, there will be fewer problems with long waits when, for example, generating GnuPG keys.
"This series should not disrupt existing programs. /dev/urandom is unchanged. /dev/random will still block right after boot, but it will block less than before. getentropy() with the existing flags returns output that is, for practical purposes, just as suitable as before."
Lutomirski noted that whether the kernel should provide so-called "true random numbers" is still an open question, and that this is, to some extent, what the blocking pool was supposed to do. He sees only XNUMX reason for it: "compliance with government standards". Lutomirski suggested that if the kernel were to provide this, it should be done through an entirely different interface, or be moved to user space by giving the user a way to obtain raw event samples that could be used to build such a blocking pool.
Stephan Mueller proposed his set
Matthew Garrett objected to the term "true random data", pointing out that the devices being sampled could, in principle, be modeled accurately enough to become predictable: "We are not sampling quantum events here."
Mueller replied that the term comes from the German standard AIS 31, where it describes a random number generator that only produces results "at the same rate as the underlying noise source produces entropy".
Terminology aside, using a blocking pool as proposed in the LRNG patches simply leads to a variety of problems, at least when it is accessible without privileges.
Lutomirski said: "This does not solve the problem. If XNUMX different users run stupid programs like gnupg, they will just starve each other. As I see it, there are currently XNUMX main problems with /dev/random: XNUMX is that it is prone to DoS (that is, resource starvation, malicious or otherwise), and the other XNUMX is that, because no privileges are needed to use /dev/random, it is prone to misuse. Gnupg is wrong, it is completely broken. If we add a new unprivileged interface that gnupg and similar programs will use, we lose again."
Mueller noted that the addition of getrandom() will allow GnuPG to use that interface, since it provides the needed guarantee that the pool has been initialized. Based on discussions with GnuPG developer Werner Koch, Mueller believes that this guarantee is the only reason GnuPG currently reads directly from /dev/random. But if there is an unprivileged interface that is susceptible to denial of service (as /dev/random is today), it will be misused by some applications, Lutomirski argues.
Theodore Yue Tak Ts'o, the developer of the Linux random number subsystem, appears to have changed his mind about the need for a blocking pool. He said that removing this pool would effectively get rid of the idea that Linux has a true random number generator (TRNG). "This is not nonsense, because it is exactly what the *BSDs have always done."
He is also concerned that providing a TRNG mechanism would simply become a lure for application developers, and he believes that, given the many different kinds of hardware Linux supports, it is in fact impossible to guarantee a TRNG inside the kernel. Even making the facility available only with root privileges would not solve the problem. "Application developers would specify that their application must be installed as root for security reasons, because that is the only way to get access to the 'really good' random numbers."
Mueller asked whether Ts'o had abandoned the blocking pool implementation that he himself had long advocated. Ts'o replied that he intends to take Lutomirski's patches and is actively opposed to putting a blocking interface back into the kernel.
"The kernel cannot make any guarantees about whether the noise source has been properly characterized. All that a GPG or OpenSSL developer can get is a vague sense that TRUERANDOM is 'better', and since they want more security, they will undoubtedly try to use it. At some point it will block, and when some other clever user (perhaps a distribution specialist) puts it into an init script and systems stop working, users will just have to complain to Linus Torvalds himself."
Ts'o also advocates giving cryptographers, and others who really need a TRNG, a way to collect their own entropy in user space and use it as they see fit. He says that entropy collection is not a process the kernel can carry out on all of the different hardware it supports, and that the kernel itself cannot estimate the amount of entropy provided by the various sources.
"The kernel should not be mixing different noise sources together, and it certainly should not be trying to claim to know how many bits of entropy it is getting when it tries to play some kind of 'jittery entropy game' on a very simple CPU architecture for consumer/IOT/embedded cases, where everything is synchronized to a single master oscillator and there is no CPU instruction reordering or register renaming, and so on."
"We can talk about providing tools that make these estimates, but such things would have to be run on each user's hardware, which is simply not practical for most distribution users. If this is intended only for cryptographers, then let it be done in their user space. And let us not simplify things for GPG, OpenSSL and the like so that everyone says, 'we need "true randomness" and will not settle for less'. We can talk about how to provide interfaces to cryptographers so that they can get the information they need by accessing the primary noise sources, separated and named, and perhaps the noise source could even somehow authenticate itself to the library or user-space application."
There was also some discussion of what such an interface might look like, since, for example, some of the events may have security implications. Ts'o pointed out that keyboard scan codes (that is, keystrokes) are mixed into the pool as part of entropy collection: "Bringing this into user space, even via a privileged system call, would be unwise, to say the least." It is quite possible that the timing of other events could leak some kind of information through side channels.
So it seems that the long-standing problem with the Linux random number subsystem is on its way to being resolved. The changes recently made to the random number subsystem have, in practice, only led to DoS problems while using it. Efficient ways of getting the best random numbers the kernel can provide have appeared. If a TRNG is still desirable on Linux, that shortcoming will need to be addressed in the future, but most likely it will not be done inside the kernel itself.
Source: habr.com