Mukamva mawu oti "cryptography," anthu ena amakumbukira mawu achinsinsi a WiFi, loko yobiriwira pafupi ndi adilesi ya tsamba lawo lomwe amakonda, komanso momwe zimavutira kulowa imelo ya munthu wina. Ena amakumbukira zovuta zingapo m'zaka zaposachedwa ndi mawu achidule (DROWN, FREAK, POODLE...), ma logo okongola komanso chenjezo loti musinthe msakatuli wanu mwachangu.
Cryptography imaphimba zonse, koma chofunika mu china. Mfundo ndi yakuti pali mzere wabwino pakati pa zosavuta ndi zovuta. Zinthu zina ndi zosavuta kuchita, koma zovuta kuzigwirizanitsa, monga kuthyola dzira. Zinthu zina ndi zosavuta kuchita koma zovuta kubwereranso pamene gawo laling'ono, lofunika, lofunika likusowa: mwachitsanzo, kutsegula chitseko chokhoma pamene "gawo lofunikira" ndilo fungulo. Cryptography imaphunzira zochitika izi ndi momwe zingagwiritsidwe ntchito pochita.
M'zaka zaposachedwa, kusonkhanitsa kwachinyengo kwasintha kukhala malo osungiramo logo owoneka bwino, odzazidwa ndi zolemba kuchokera pamapepala asayansi, ndikupangitsa kuti anthu azikhala okhumudwa kuti chilichonse chasweka. Koma zoona zake n'zakuti, kuukira kochuluka kumachokera pa mfundo zochepa chabe, ndipo masamba osatha a ziganizo nthawi zambiri amapangidwa ndi malingaliro osavuta kumva.
M'nkhani zotsatizanazi, tiwona mitundu yosiyanasiyana yachinsinsi, ndikugogomezera mfundo zazikuluzikulu. Mwachidule osati ndendende mu dongosolo ili, koma tikambirana izi:
- Njira zoyambira: brute force, kusanthula pafupipafupi, kumasulira, kutsitsa ndi njira zingapo.
- Zowopsa zodziwika: FREAK, CRIME, POODLE, DROWN, Logjam.
- Njira Zapamwamba: kuukira kwa oracle (kuukira kwa Vodenet, kuukira kwa Kelsey); kukumana pakati, kuwukira tsiku lobadwa, kukondera kwa ziwerengero (kusiyana kwa cryptanalysis, integral cryptanalysis, etc.).
- Kuukira kwa mayendedwe am'mbali ndi achibale awo apamtima, kulephera kusanthula njira.
- Zowukira pa public key cryptography: cube root, kufalitsa, uthenga wogwirizana, Coppersmith attack, Pohlig-Hellman algorithm, sieve nambala, Wiener attack, Bleichenbacher attack.
Nkhaniyi ikufotokoza zomwe zili pamwambapa mpaka kuukira kwa Kelsey.
Njira Zoyambira
Kuukira zotsatirazi n'zosavuta m'lingaliro kuti akhoza pafupifupi kwathunthu anafotokoza popanda zambiri luso. Tiyeni tifotokozere mtundu uliwonse wa kuukira m'mawu osavuta, osapita mu zitsanzo zovuta kapena zochitika zapamwamba.
Zina mwa zigawengazi zatha ndipo sizinagwiritsidwe ntchito kwa zaka zambiri. Ena ndi akale omwe amazemberabe anthu opanga ma cryptosystem osazindikira m'zaka za zana la 21. Nyengo yamakono yamakono ikhoza kuonedwa kuti idayamba ndi kubwera kwa IBM DES, cipher yoyamba yomwe inalimbana ndi ziwopsezo zonse pamndandandawu.
Mphamvu yosavuta yankhanza
Dongosolo la encryption lili ndi magawo awiri: 1) ntchito ya encryption, yomwe imatenga uthenga (womveka) wophatikizidwa ndi kiyi, kenako imapanga uthenga wobisika - ciphertext; 2) ntchito ya decryption yomwe imatenga ciphertext ndi kiyi ndikupanga mawu osavuta. Zonse ziwiri za encryption ndi decryption ziyenera kukhala zosavuta kuwerengera ndi kiyi - komanso zovuta kuwerengera popanda izo.
Tiyerekeze kuti tikuwona ciphertext ndikuyesa kuyilemba popanda zina zowonjezera (izi zimatchedwa ciphertext-only attack). Ngati mwanjira ina tapeza kiyi yolondola, titha kutsimikizira kuti ndiyolondola ngati zotsatira zake ndi uthenga wololera.
Dziwani kuti pali malingaliro awiri osamveka apa. Choyamba, tikudziwa momwe tingapangire decryption, ndiko kuti, momwe cryptosystem imagwirira ntchito. Ili ndi lingaliro lokhazikika pokambirana za cryptography. Kubisa tsatanetsatane wa cipher kuchokera kwa omwe akuukira kungawoneke ngati njira yowonjezera yachitetezo, koma wowukirayo akadziwa izi, chitetezo chowonjezerachi chimatayika mwakachetechete komanso kosasinthika. Ndi momwemo : Dongosolo logwera m'manja mwa adani lisabweretse vuto.
Chachiwiri, timaganiza kuti fungulo lolondola ndiye fungulo lokhalo lomwe lingatsogolere kumasulira koyenera. Ichinso ndi lingaliro loyenera; zimakhutitsidwa ngati ciphertext ndi yayitali kwambiri kuposa makiyi ndipo imawerengedwa. Izi nthawi zambiri ndi zomwe zimachitika mdziko lenileni, kupatula kapena (ngati simukukonda kuti talumpha kufotokozera, chonde onani Theorem 3.8 ).
Poganizira zomwe tafotokozazi, pali njira: yang'anani kiyi iliyonse yomwe ingatheke. Izi zimatchedwa brute force, ndipo kuukira kotereku kumatsimikizika kugwira ntchito motsutsana ndi ma ciphers onse - pamapeto pake. Mwachitsanzo, mphamvu yankhanza ndi yokwanira kuthyolako , mawu akale omwe mfungulo yake ndi chilembo chimodzi cha alifabeti, kutanthauza makiyi oposa 20 otheka.
Tsoka ilo kwa cryptanalysts, kukulitsa kukula kofunikira ndi chitetezo chabwino ku mphamvu yankhanza. Pamene makiyi akuwonjezeka, chiwerengero cha makiyi omwe angatheke chikuwonjezeka kwambiri. Ndi makiyi amakono amakono, mphamvu yosavuta ya brute ndiyosatheka. Kuti timvetse zomwe tikutanthauza, tiyeni titenge makompyuta apamwamba kwambiri omwe amadziwika kwambiri kuyambira pakati pa 2019: kuchokera ku IBM, yokhala ndi magwiridwe antchito pafupifupi 1017 pamphindikati. Masiku ano, kutalika kwa kiyibodi ndi 128 bits, zomwe zikutanthauza kuti 2128 zotheka kuphatikiza. Kuti mufufuze makiyi onse, makompyuta apamwamba a Summit adzafunika nthawi yomwe ili pafupifupi nthawi za 7800 zaka za Chilengedwe.
Kodi mphamvu yankhanza iyenera kuonedwa ngati chidwi chambiri? Osati konse: ndizofunikira pophika mu cryptanalysis cookbook. Kaŵirikaŵiri ma ciphers amakhala ofooka kwambiri kotero kuti amatha kuthyoledwa ndi kuukira kochenjera, popanda kugwiritsa ntchito mphamvu kumlingo wina kapena wina. Ma hacks ambiri opambana amagwiritsa ntchito njira ya algorithmic kufooketsa chandamale chandamale, kenako ndikuwukira mwankhanza.
Kusanthula pafupipafupi
Zolemba zambiri sizongopeka. Mwachitsanzo, m'malemba a Chingerezi muli zilembo zambiri 'e' ndi zolemba 'the'; m'mafayilo a binary, pali ziro byte zambiri ngati padding pakati pazidziwitso. Kusanthula pafupipafupi ndikuwukira kulikonse komwe kumapezerapo mwayi pa izi.
Chitsanzo chovomerezeka cha cipher chomwe chingakhale pachiwopsezo ku chiwonongekochi ndi chosavuta choloweza m'malo mwa cipher. Mu cipher iyi, fungulo ndi tebulo lomwe zilembo zonse zasinthidwa. Mwachitsanzo, 'g' asinthidwa ndi 'h', 'o' ndi j, choncho mawu oti 'pita' amakhala 'hj'. Cipher iyi ndiyovuta kuyigwiritsa ntchito mwankhanza chifukwa pali matebulo ambiri otheka. Ngati muli ndi chidwi ndi masamu, kutalika kwa makiyi ogwira mtima ndi pafupifupi ma bits 88: ndizo
. Koma kusanthula pafupipafupi kumapangitsa kuti ntchitoyi ichitike mwachangu.
Ganizirani mawu otsatirawa omwe asinthidwa ndi mawu osavuta olowa m'malo:
XDYLY ALY UGLY XDWNKE WN DYAJYN ANF YALXD DGLAXWG XDAN ALY FLYAUX GR WN OGQL ZDWBGEGZDO
monga Y zimachitika kawirikawiri, kuphatikizapo kumapeto kwa mawu ambiri, tikhoza tentatively kuganiza kuti ichi ndi chilembo e:
XDeLe ALe UGLe XDWNKE WN DeAJeN ANF eALXD DGLAXWG XDAN ALe FLeAUX GR WN OGQL ZDWBGEGZDO
Amuna XD kubwerezedwa kumayambiriro kwa mawu angapo. Makamaka, kuphatikiza XDeLe kukuwonetsa bwino mawuwa these kapena there, kotero tiyeni tipitilize:
theLe ALe UGLe thWNKE WN heAJeN ANF EALth DGLATWG kuposa ALe FLeAUt GR WN OGQL ZDWBGEGZDO
Tiyeni tipitirize kuganiza kuti L zimayenderana r, A - a ndi zina zotero. Zitenganso kuyesa pang'ono, koma poyerekeza ndi kuwukira kwamphamvu kwamphamvu, kuwukiraku kumabwezeretsa zolemba zoyambirira posachedwa:
pali zinthu zambiri kumwamba ndi padziko lapansi kuposa zomwe zimalota mu filosofi yanu
Kwa ena, kuthetsa "cryptograms" zotere ndizosangalatsa.
Lingaliro la kusanthula pafupipafupi ndilofunika kwambiri kuposa momwe limawonekera poyang'ana koyamba. Ndipo imagwiranso ntchito ku ma ciphers ovuta kwambiri. M'mbiri yonse, mapangidwe osiyanasiyana a cipher ayesa kuthana ndi izi pogwiritsa ntchito "polyalphabetic substitution". Apa, panthawi yachinsinsi, tebulo lolowetsa zilembo limasinthidwa m'njira zovuta koma zodziwikiratu zomwe zimadalira fungulo. Ma ciphers onsewa ankaonedwa kuti ndi ovuta kuwadula nthawi imodzi; ndipo komabe kusanthula pafupipafupi kocheperako kunawagonjetsa onse.
Chidziwitso chodziwika bwino cha polyalphabetic m'mbiri, ndipo mwina chodziwika kwambiri, chinali Enigma cipher ya Nkhondo Yachiwiri Yapadziko Lonse. Zinali zovuta kwambiri poyerekeza ndi akale, koma atagwira ntchito molimbika, British cryptanalysts adaziphwanya pogwiritsa ntchito kusanthula pafupipafupi. Zoonadi, sakanatha kupanga kuukira kokongola monga momwe tawonetsera pamwambapa; Anayenera kufananiza mapeyala odziwika a mawu osamveka bwino komanso mawu ongoyerekeza (omwe amatchedwa "kuukira kwa mawu osamveka"), ngakhale kupangitsa ogwiritsa ntchito Enigma kubisa mauthenga ena ndi kusanthula zotsatira zake ("kuukira kwamwambo wosankhidwa"). Koma izi sizinapangitse tsogolo la magulu ankhondo ogonjetsedwa ogonjetsedwa ndi sitima zapamadzi zomira kukhala zosavuta.
Pambuyo pakupambana uku, kusanthula pafupipafupi kudasowa m'mbiri ya cryptanalysis. Ma Cipher amasiku ano a digito adapangidwa kuti azigwira ntchito ndi ma bits, osati zilembo. Chofunika kwambiri, ma ciphers awa adapangidwa ndikumvetsetsa kwakuda kwa zomwe pambuyo pake zidadziwika kuti : Aliyense atha kupanga encryption algorithm yomwe iwowo sangathe kuiphwanya. Sikokwanira kwa kabisidwe kachitidwe zimawoneka zovuta: kuti zitsimikizire kufunika kwake, ziyenera kuyang'aniridwa mopanda chifundo ndi akatswiri ambiri a cryptanalyst omwe adzachita zonse zomwe angathe kuti awononge cipher.
Kuwerengera koyambirira
Tengani mzinda wongoyerekeza wa Precom Heights, anthu 200. Nyumba iliyonse mumzindawu imakhala ndi zinthu zamtengo wapatali zokwana $000, koma zosaposa $30. Msika wachitetezo ku Precom umayendetsedwa ndi ACME Industries, yomwe imapanga maloko odziwika bwino a zitseko za Coyote™. Malinga ndi kusanthula kwa akatswiri, loko ya kalasi ya Coyote imatha kuthyoledwa ndi makina ovuta kwambiri ongoyerekeza, omwe amafunikira zaka zisanu ndi $000 pakugulitsa. Kodi mzindawu uli wotetezeka?
Mosakayika ayi. Potsirizira pake, chigawenga chofuna kutchuka chidzawonekera. Adzalingalira motere: “Inde, ndidzawononga ndalama zambiri. Zaka zisanu zakudikirira moleza mtima, ndi $50. Koma ndikamaliza, ndikhala ndi mwayi chuma chonse cha mudzi uwu. Ngati ndisewera bwino makhadi anga, ndalamazi zindilipira kambirimbiri. ”
N'chimodzimodzinso ndi cryptography. Zowukira motsutsana ndi cipher zina zimayesedwa mopanda chifundo ndi phindu la phindu. Ngati chiŵerengerocho chiri chabwino, kuukira sikudzachitika. Koma kuukira komwe kumagwira ntchito motsutsana ndi anthu ambiri omwe angakhale akuzunzidwa nthawi imodzi nthawi zonse kumakhala kopindulitsa, pomwe njira yabwino yopangira makonzedwe ndi kuganiza kuti idayamba kuyambira tsiku loyamba. Tili ndi ndondomeko yachinsinsi ya Murphy's Law: "Chilichonse chomwe chingasokoneze dongosololi chidzaphwanya dongosolo."
Chitsanzo chosavuta kwambiri cha cryptosystem chomwe chili pachiwopsezo chowopsezedwa ndi chiwopsezo chosasinthika. Izi zinali choncho ndi , zomwe zimangosuntha chilembo chilichonse cha zilembo zitatu kupita patsogolo (tebulo limakhomedwa, kotero kuti chilembo chomaliza mu zilembocho chimabisika chachitatu). Apanso mfundo ya Kerchhoffs iyambanso kugwira ntchito: makina akangobedwa, amabedwa mpaka kalekale.
Lingaliro ndi losavuta. Ngakhale woyambitsa novice cryptosystem angazindikire kuwopseza ndikukonzekera moyenera. Tikayang'ana kusinthika kwa cryptography, kuukira kotereku sikunali koyenera kwa ma ciphers ambiri, kuyambira kumasulira koyambirira kwa Kaisara cipher mpaka kutsika kwa ma polyalphabetic ciphers. Kuukira kotereku kunangobweranso pakubwera nthawi yamakono ya cryptography.
Kubwereraku kumachitika pazifukwa ziwiri. Choyamba, ma cryptosystems ovuta mokwanira adawonekera, pomwe kuthekera kwa kugwiriridwa pambuyo pakuba sikunali koonekeratu. Chachiwiri, cryptography inafalikira kwambiri kotero kuti mamiliyoni a anthu wamba ankapanga zisankho tsiku lililonse za komwe ndi mbali ziti za cryptography oti adzagwiritsenso ntchito. Zinatenga nthawi akatswiri asanazindikire kuopsa kwake ndikudzutsa alamu.
Kumbukirani kuukira koyambirira: kumapeto kwa nkhaniyi tiwona zitsanzo ziwiri zenizeni zenizeni za cryptographic komwe zidachita mbali yofunika.
Kutanthauzira
Nawa wapolisi wofufuza milandu wotchuka Sherlock Holmes, akuchita chiwembu chosokoneza Dr. Watson:
Nthawi yomweyo ndinaganiza kuti munachokera ku Afghanistan... Malingaliro anga anali motere: “Munthu uyu ndi dokotala mwa mtundu wake, koma ali ndi mphamvu ya usilikali. Choncho, dokotala wa asilikali. Iye wangofika kumene kuchokera kumadera otentha - nkhope yake ndi yakuda, koma uwu si mthunzi wachilengedwe wa khungu lake, popeza manja ake ndi oyera kwambiri. Nkhope yake ndi yosautsa – mwachiwonekere, wavutika kwambiri ndi matenda. Anavulazidwa m'dzanja lake lamanzere - akugwira mosasunthika komanso mosagwirizana ndi chilengedwe. Kodi m'madera otentha angapirire kuti dokotala wankhondo wachingelezi akakumana ndi zovuta ndikuvulazidwa? Inde, ku Afghanistan. " Ganizo lonse silinatenge ngakhale sekondi imodzi. Ndipo kotero ndinanena kuti munachokera ku Afghanistan, ndipo mudadabwa.
Holmes amatha kutulutsa zidziwitso zochepa paumboni uliwonse payekhapayekha. Iye akanangofika pomaliza mwa kuwaganizira onse pamodzi. Kuwukira kwa mawu omasulira kumagwiranso ntchito mofananamo poyang'ana mawu omveka bwino odziwika bwino ndi zilembo zachinsinsi zochokera ku kiyi yomweyo. Kuchokera pagulu lililonse, zowonera pawokha zimatengedwa zomwe zimalola kuti mfundo zonse zachinsinsi zitheke. Malingaliro onsewa ndi osadziwika bwino ndipo amawoneka ngati opanda ntchito mpaka afika mwadzidzidzi pamtundu wovuta kwambiri ndikupita ku lingaliro lokhalo lotheka: ziribe kanthu kuti ndizodabwitsa bwanji, ziyenera kukhala zoona. Pambuyo pa izi, fungulo limawululidwa, kapena njira yosinthira imakhala yoyengedwa kwambiri kotero kuti ikhoza kubwerezedwanso.
Tiyeni tifotokozere chitsanzo chosavuta mmene kumasulira kumagwirira ntchito. Tiyerekeze kuti tikufuna kuwerenga buku la mdani wathu, Bob. Amalemba nambala iliyonse muzolemba zake pogwiritsa ntchito njira yosavuta yomwe adaphunzira kuchokera ku malonda a magazini "A Mock of Cryptography." Dongosololi limagwira ntchito motere: Bob amasankha manambala awiri omwe amakonda: и . Kuyambira pano, kubisa nambala iliyonse , imawerengera . Mwachitsanzo, ngati Bob anasankha и , kenako nambala adzakhala encrypted monga .
Tiyerekeze kuti pa December 28 tinaona kuti Bob anali kukanda chinachake mu buku lake. Akamaliza, tizitenga mwakachetechete ndikuwona zomwe zalembedwa komaliza:
Tsiku:
235/520Wokondedwa Diary,
Lero linali tsiku labwino. Kudzera
64lero ndili ndi chibwenzi ndi Alisa, yemwe amakhala m'nyumba843. Ndikuganiza kuti akhoza kukhala26!
Popeza tili ofunitsitsa kutsatira Bob pa tsiku lake (tonse tili 15 muzochitika izi), ndikofunikira kudziwa tsikulo komanso adilesi ya Alice. Mwamwayi, tikuwona kuti cryptosystem ya Bob imakhala pachiwopsezo cha kusokoneza. Mwina sitingadziwe и , koma tikudziwa deti la masiku ano, choncho tili ndi mavesi awiri osavuta kumva. Ndiko kuti, tikudziwa zimenezo encrypted mu ndi - mkati . Izi ndi zomwe tilemba:
Popeza tili ndi zaka 15, tikudziwa kale za dongosolo la ma equation awiri omwe ali ndi zosadziwika ziwiri, zomwe panthawiyi ndizokwanira kupeza. и popanda mavuto. Gulu lililonse la plaintext-ciphertext limayika chotchinga pa kiyi ya Bob, ndipo zopinga ziwirizi palimodzi ndizokwanira kubweza makiyiwo. Mu chitsanzo chathu yankho ndi и (ku , ndicholinga choti 26 mu diary amafanana ndi mawu akuti 'imodzi', kutanthauza, "yemweyo" - pafupifupi. njira).
Zowukira zomasulira, ndithudi, sizimangokhala pa zitsanzo zosavuta zoterozo. Ma cryptosystem aliwonse omwe amachepetsa ku chinthu chodziwika bwino cha masamu ndi mndandanda wa magawo omwe ali pachiwopsezo cha kusokoneza kwa interpolation-chinthu chomveka bwino, ndiye kuti chiwopsezo chimakwera.
Anthu obwera kumene nthawi zambiri amadandaula kuti cryptography ndi “luso lopanga zinthu monyansa kwambiri.” Zigawenga zosokoneza mwina ndizomwe zimayambitsa. Bob amatha kugwiritsa ntchito masamu okongola kapena kusunga tsiku lake ndi Alice mwachinsinsi - koma tsoka, nthawi zambiri simungakhale nazo zonse ziwiri. Izi zidziwikiratu bwino tikadzafika pamutu wachinsinsi wa anthu onse.
Cross protocol/downgrade
Mu Now You See Me (2013), gulu la anthu onyenga amayesa kubera wamkulu wa inshuwaransi wachinyengo Arthur Tressler kuti amuchotsere chuma chake chonse. Kuti apeze akaunti yakubanki ya Arthur, onyengawo ayenera kupereka dzina lake lolowera ndi mawu achinsinsi kapena kumukakamiza kuti adziwonekere yekha kubanki ndi kutenga nawo mbali pa ndondomekoyi.
Zosankha ziwirizi ndizovuta kwambiri; Anyamatawa amagwiritsidwa ntchito kuchita pa siteji, osati kutenga nawo mbali mu ntchito zanzeru. Chifukwa chake amasankha njira yachitatu yotheka: mnzakeyo amayimbira banki ndikudziyesa ngati Arthur. Banki imafunsa mafunso angapo kuti atsimikizire kuti ndi ndani, monga dzina la amalume ndi dzina la chiweto choyamba; ngwazi zathu pasadakhale . Kuyambira pano, chitetezo chachinsinsi sichikhalanso ndi vuto.
(Malinga ndi nthano ya m’tauni imene ifeyo tatsimikizira ndi kuitsimikizira, katswiri wina wa kulembera makalata Eli Beaham anakumana ndi wobwereketsa ndalama ku banki yemwe anaumirira kuyankha funso la chitetezo. Pamene wobwereketsayo anafunsa dzina la agogo ake aakazi, Beaham anayamba kunena kuti: “Likulu X, yaying'ono y, atatu ... ").
Ndizofanana mu cryptography, ngati ma protocol awiri a cryptographic amagwiritsidwa ntchito mofanana kuti ateteze katundu yemweyo, ndipo imodzi imakhala yofooka kwambiri kuposa ina. Dongosolo lotsatila limakhala pachiwopsezo cha kuukira kwa cross-protocol, komwe protocol yofooka imawukiridwa kuti ifike ku mphothoyo popanda kukhudza wamphamvu.
Nthawi zina zovuta, sikokwanira kungolumikizana ndi seva pogwiritsa ntchito protocol yofooka, koma kumafuna kutenga nawo mbali mosasamala kwa kasitomala wovomerezeka. Izi zitha kukonzedwa pogwiritsa ntchito zomwe zimatchedwa kutsitsa. Kuti timvetsetse kuwukiraku, tiyeni tiyerekeze kuti onyenga athu ali ndi ntchito yovuta kwambiri kuposa mufilimuyi. Tiyerekeze kuti wogwira ntchito ku banki (wosunga ndalama) ndi Arthur anakumana ndi zochitika zosayembekezereka, zomwe zinachititsa kuti akambirane zotsatirazi:
Wakuba: Moni? Uyu ndi Arthur Tressler. Ndikufuna kukonzanso mawu achinsinsi anga.
Cashier: Zabwino. Chonde yang'anani pa bukhu lanu lachinsinsi lachinsinsi, tsamba 28, mawu 3. Mauthenga onse otsatirawa adzasungidwa pogwiritsa ntchito liwu lapaderali ngati chinsinsi. Mtengo PQJGH. LOTJNAM PGGY MXVRL ZZLQ SRIU HHNMLPPPV…
Wakuba: Hei, dikirani, dikirani. Kodi izi ndizofunikiradi? Kodi sitingangolankhula ngati anthu wamba?
Cashier: Sindikupangira izi.
Wakuba: Ine basi^taonani, ine ndinali ndi tsiku lotayirira, chabwino? Ndine kasitomala wa VIP ndipo sindiri mumkhalidwe wofufuza mabuku opusawa.
Cashier: Chabwino. Ngati mulimbikira, Bambo Tressler. Mukufuna chiyani?
Wakuba: Chonde, ndikufuna kupereka ndalama zanga zonse ku Arthur Tressler National Victims Fund.
(Imani kaye).
Cashier: Kodi zamveka tsopano. Chonde perekani PIN yanu pazochita zazikulu.
Wakuba: Changa chiyani?
Cashier: Pakufunsa kwanu, zosintha zazikuluzikuluzi zimafuna PIN pazochitika zazikulu. Khodi iyi idapatsidwa kwa inu mutatsegula akaunti yanu.
Wakuba:... Ndataya. Kodi izi ndizofunikiradi? Kodi simungangovomereza malondawo?
Cashier: Ayi. Pepani, Bambo Tressler. Apanso, iyi ndi njira yachitetezo yomwe mudapempha. Ngati mukufuna, titha kutumiza PIN khodi yatsopano ku bokosi lanu lamakalata.
Ngwazi zathu zayimitsa ntchitoyo. Amamvetsera zochitika zingapo zazikulu za Tressler, kuyembekezera kumva PIN; koma nthawi zonse kukambirana kusanduka gibberish code pamaso chilichonse zosangalatsa ananenedwa. Pomalizira pake, tsiku lina labwino, dongosololi likugwiritsidwa ntchito. Amadikirira moleza mtima nthawi yomwe Tressler akuyenera kupanga ndalama zambiri pafoni, amafika pamzere, kenako ...
Tressler: Moni. Ndikufuna kutsiriza ntchito yakutali, chonde.
Cashier: Zabwino. Chonde onani buku lanu lachinsinsi lachinsinsi, tsamba...
(Wakubayo akanikiza batani; mawu a cashier amasanduka phokoso losamveka).
Cashier: - #@$#@$#*@$$@#* isungidwa ndi mawu awa ngati kiyi. AAAYRR PLRQRZ MMNJK LOJBAN…
Tressler: Pepani, sindinamvetse bwino. Apanso? Patsamba lanji? Mawu otani?
Cashier: Ili ndiye tsamba @#$@#*$)#*#@()#@$(#@*$(#@*.
Tressler: Chiyani?
Cashier: Nambala ya mawu twente @$#@$#%#$.
Tressler: Zowona! Zakwana kale! Inu ndi chitetezo chanu ndi mtundu wina wa ma circus. Ndikudziwa kuti mumangolankhula nane bwinobwino.
Cashier: sindikupangira…
Tressler: Ndipo sindikukulangizani kuti muwononge nthawi yanga. Sindikufuna kumva zambiri za izi mpaka mutakonza vuto la foni yanu. Kodi tingathe kumaliza mgwirizanowu kapena ayi?
Cashier:… Inde. Chabwino. Mukufuna chiyani?
Tressler: Ndikufuna kusamutsa $20 kupita ku Lord Business Investments, nambala ya akaunti...
Cashier: Mphindi imodzi, chonde. Ndi chinthu chachikulu. Chonde perekani PIN yanu pazochita zazikulu.
Tressler: Chani? O, ndendende! 1234.
Apa pali kuwukira pansi. Protocol yofooka "ingolankhula molunjika" idaganiziridwa ngati mwina pakagwa mwadzidzidzi. Ndipo komabe ife tiri pano.
Mungadabwe kuti ndani amene ali ndi malingaliro abwino angapange dongosolo lenileni "lotetezeka mpaka atafunsidwa mwanjira ina" monga momwe tafotokozera pamwambapa. Koma monga momwe banki yopeka imayika pachiwopsezo chosunga makasitomala omwe sakonda cryptography, machitidwe nthawi zambiri amakokera pazofunikira zomwe zilibe chidwi kapena zotsutsana kwambiri ndi chitetezo.
Izi ndi zomwe zidachitika ndi protocol ya SSLv2 mu 1995. Boma la US layamba kale kuona cryptography ngati chida chomwe chimasungidwa kutali ndi adani akunja ndi apakhomo. Zidutswa za ma code zidavomerezedwa payekhapayekha kuti zitumizidwe kuchokera ku United States, nthawi zambiri ndi chikhalidwe chakuti algorithm idafowoketsedwa mwadala. Netscape, wopanga msakatuli wotchuka kwambiri, Netscape Navigator, adapatsidwa chilolezo cha SSLv2 kokha ndi kiyi ya 512-bit RSA yomwe ili pachiwopsezo (ndi 40-bit ya RC4).
Pofika kumapeto kwa zaka chikwi, malamulo anali atamasuka ndipo mwayi wogwiritsa ntchito kubisa kwamakono unayamba kupezeka kwambiri. Komabe, makasitomala ndi ma seva athandizira kufooketsa kwa "export" cryptography kwazaka zambiri chifukwa cha inertia yomweyi yomwe imachirikiza chithandizo chamtundu uliwonse. Makasitomala adakhulupirira kuti atha kukumana ndi seva yomwe siyimathandizira china chilichonse. Ma seva adachitanso chimodzimodzi. Zoonadi, protocol ya SSL imanena kuti makasitomala ndi ma seva sayenera kugwiritsa ntchito ndondomeko yofooka pamene yabwino ilipo. Koma mfundo yomweyi imagwiranso ntchito kwa Tressler ndi banki yake.
Lingaliroli lidapeza njira ziwiri zowukira zomwe zidagwedeza chitetezo cha protocol ya SSL mu 2015, zonse zomwe zidapezeka ndi ofufuza a Microsoft ndi . Choyamba, tsatanetsatane wa kuwukira kwa FREAK zidawululidwa mu February, kutsatiridwa miyezi itatu pambuyo pake ndi kuwukira kwina kofananako kotchedwa Logjam, komwe tikambirana mwatsatanetsatane tikamapitilira kuukira kwachinsinsi pagulu.
Chiwopsezo (yomwe imadziwikanso kuti "Smack TLS") idadziwika pomwe ofufuza adasanthula momwe kasitomala wa TLS amathandizira ndikupeza cholakwika. Muzochita izi, ngati kasitomala safunsanso kugwiritsa ntchito cryptography yofooka yotumiza kunja, koma seva imayankhabe ndi makiyi oterowo, kasitomala akuti "O chabwino" ndikusinthira ku chiphaso chofooka.
Panthawiyo, cryptography yotumiza kunja idawonedwa kuti ndi yachikale komanso yopanda malire, kotero kuukiraku kudadabwitsa kwambiri ndipo kudakhudza madera ambiri ofunikira, kuphatikiza malo a White House, IRS, ndi NSA. Choyipa kwambiri, zidapezeka kuti ma seva ambiri omwe ali pachiwopsezo anali kukhathamiritsa magwiridwe antchito pogwiritsa ntchito makiyi omwewo m'malo mopanga atsopano pagawo lililonse. Izi zinapangitsa kuti, atatha kuchepetsa ndondomekoyi, kuti achite chiwonongeko chisanachitike: kuphwanya kiyi imodzi kunakhalabe mtengo ($ 100 ndi maola a 12 panthawi yofalitsidwa), koma mtengo wogwira ntchito wowononga kugwirizanako unachepetsedwa kwambiri. Ndikokwanira kusankha kiyi ya seva kamodzi ndikusokoneza kubisa kwa maulumikizidwe onse otsatira kuyambira nthawi imeneyo.
Ndipo tisanapite patsogolo, pali kuwukira kumodzi komwe kumayenera kutchulidwa ...
Oracle attack
wodziwika bwino monga tate wa pulogalamu yotumizira mauthenga ya crypto-platform Signal; koma ife patokha timakonda imodzi mwazinthu zomwe sizidziwika bwino - (Mfundo ya Chiwonongeko cha Cryptographic). Kuti tifotokoze pang'ono, titha kunena izi: "Ngati protocol ikuchita zilizonse imagwira ntchito mobisa pa uthenga wochokera kugwero lomwe lingakhale loyipa ndipo imachita mosiyana malinga ndi zotsatira zake, sizingachitike." Kapena m'njira yakuthwa: "Osatenga zidziwitso kuchokera kwa mdani kuti azikonza, ndipo ngati muyenera kutero, osawonetsa zotsatira zake."
Tiyeni tisiye nkhokwe zosefukira, jekeseni wolamula, ndi zina zotero; iwo ali opitirira malire a zokambiranazi. Kuphwanya "chiwonongeko" kumabweretsa ma hacks akulu a cryptography chifukwa chakuti protocol imachita ndendende momwe amayembekezera.
Mwachitsanzo, tiyeni titenge zongopeka zokhala ndi mawu osatetezeka m'malo mwa cipher, ndikuwonetsa kuwukira komwe kungatheke. Ngakhale tawona kale kuukira kwa cipher m'malo pogwiritsa ntchito kusanthula pafupipafupi, sikungokhala "njira ina yothyola cipher chomwecho." M'malo mwake, kuukira kwa oracle ndizopangidwa zamakono kwambiri, zomwe zimagwiritsidwa ntchito nthawi zambiri zomwe kusanthula pafupipafupi kumalephera, ndipo tiwona chiwonetsero cha izi mu gawo lotsatira. Apa cipher yosavuta imasankhidwa kuti chitsanzocho chimveke bwino.
Chifukwa chake Alice ndi Bob amalumikizana pogwiritsa ntchito mawu osavuta olowa m'malo pogwiritsa ntchito kiyi yomwe imadziwika ndi iwo okha. Iwo ndi okhwima kwambiri za kutalika kwa mauthenga: ali ndendende zilembo 20. Chifukwa chake adagwirizana kuti ngati wina akufuna kutumiza uthenga wachidule, awonjezere mawu ongonena kumapeto kwa mesejiyo kuti ikhale zilembo 20 ndendende. Atakambirana kwanthawi ndithu, adaganiza zongovomera mavesi abodza awa: a, bb, ccc, dddd etc. Choncho, dummy lemba la utali uliwonse zofunika amadziwika.
Alice kapena Bob akalandira uthenga, amawona kaye kuti uthengawo ndi wautali wolondola (zilembo 20) komanso kuti mawuwo ndi olondola. Ngati sizili choncho, ndiye kuti amayankha ndi uthenga wolakwika. Ngati kutalika kwa mawu ndi mawu osamveka zili bwino, wolandirayo amawerenga yekha uthengawo ndikutumiza yankho lobisika.
Panthawi yachiwembucho, wowukirayo amatengera Bob ndikutumiza mauthenga abodza kwa Alice. Mauthengawa ndi achabechabe - wowukirayo alibe makiyi, choncho sangapange uthenga watanthauzo. Koma popeza protocol imaphwanya mfundo ya chiwonongeko, wowukira amathabe kukola Alice kuti aulule zambiri zofunika, monga tawonera pansipa.
Wakuba:
PREWF ZHJKL MMMN. LAAlice: Mawu osalondola.
Wakuba:
PREWF ZHJKL MMMN. LBAlice: Mawu osalondola.
Wakuba:
PREWF ZHJKL MMMN. LCAlice:
ILCT? TLCT RUWO PUT KCAW CPS OWPOW!
Wakubayo samadziwa zomwe Alice wangonena, koma amazindikira kuti chizindikirocho C ziyenera kufanana a, popeza Alice adavomereza zolemba zopusa.
Wakuba:
REWF ZHJKL MMMN. LAAAlice: Mawu osalondola.
Wakuba:
REWF ZHJKL MMMN. LBBAlice: Mawu osalondola.
Pambuyo poyesa kangapo ...
Wakuba:
REWF ZHJKL MMMN. LGGAlice: Mawu osalondola.
Wakuba:
REWF ZHJKL MMMN. LHHAlice:
TLQO JWCRO FQAW SUY LCR C OWQXYJW. IW PWWR TU TCFA CHUYT TLQO JWFCTQUPOLQZ.
Apanso, wowukirayo sadziwa zomwe Alice wangonena, koma akuti H ayenera kufanana ndi b popeza Alice adavomereza mawu opusa.
Ndi zina zotero mpaka wowukirayo adziwe tanthauzo la munthu aliyense.
Poyang'ana koyamba, njirayo ikufanana ndi chiwonongeko chosankhidwa. Pamapeto pake, wowukirayo amasankha ma ciphertexts, ndipo seva imawatsatira momvera. Kusiyana kwakukulu komwe kumapangitsa kuti ziwopsezo izi zitheke mdziko lenileni ndikuti wowukirayo samasowa mwayi wopeza zolemba zenizeni - kuyankha kwa seva, ngakhale kopanda vuto ngati "Zolemba zosavomerezeka," ndikokwanira.
Ngakhale kuwukira kumeneku kuli kophunzitsa, musakhale ndi chidwi pazambiri za "dummy text" scheme, cryptosystem yomwe imagwiritsidwa ntchito, kapena kutsatizana kwa mauthenga omwe amatumizidwa ndi wowukirayo. Lingaliro loyambirira ndi momwe Alice amachitira mosiyana kutengera zomwe zili m'mawu osavuta, ndipo amachita izi popanda kutsimikizira kuti mawu ofananira nawo adachokera kugulu lodalirika. Chifukwa chake, Alice amalola wowukirayo kuti afinyize zinsinsi pamayankho ake.
Pali zambiri zomwe zingasinthidwe pankhaniyi. Zizindikiro zomwe Alice amachitira, kapena kusiyana kwenikweni pamakhalidwe ake, kapena ngakhale cryptosystem yomwe imagwiritsidwa ntchito. Koma mfundoyo idzakhalabe yofanana, ndipo kuwukirako kudzakhalabe kotheka mwanjira ina. Kukhazikitsa kofunikira pakuwukiraku kunathandizira kuvumbulutsa zovuta zingapo zachitetezo, zomwe tiwona posachedwa; koma choyamba pali maphunziro angongole oti aphunzire. Kodi mungagwiritse ntchito bwanji "Alice script" wopeka potsutsa zomwe zingagwire ntchito yeniyeni yamakono? Kodi izi ndizotheka, ngakhale m'malingaliro?
Mu 1998, wolemba mabuku wa ku Switzerland wotchedwa Daniel Bleichenbacher anayankha funsoli motsimikiza. Adawonetsa kuukira kwachinsinsi pachinsinsi chomwe chimagwiritsidwa ntchito kwambiri pagulu la RSA, pogwiritsa ntchito dongosolo linalake la uthenga. Muzinthu zina za RSA, seva imayankha ndi mauthenga olakwika osiyanasiyana malingana ndi momwe malembawo akugwirizanirana ndi dongosolo kapena ayi; izi zinali zokwanira kuchita chiwembucho.
Zaka zinayi pambuyo pake, mu 2002, French cryptographer Serge Vaudenay anasonyeza kuukira oracle pafupifupi zofanana ndi zomwe zafotokozedwa mu nkhani Alice pamwamba - kupatula kuti m'malo mongopeka cipher, iye anathyola kalasi lonse olemekezeka a ciphers zamakono kuti anthu kwenikweni ntchito. Makamaka, kuukira kwa Vaudenay kumayang'ana ma ciphers a kukula kokhazikika ("block ciphers") akagwiritsidwa ntchito motchedwa "CBC encryption mode" komanso ndi chiwembu china chodziwika bwino, chofanana ndi chomwe chili muzochitika za Alice.
Komanso mu 2002, American cryptographer John Kelsey - co-wolemba - adakonza zowukira mosiyanasiyana pamakina omwe amapondereza mauthenga kenako amawabisa. Chochititsa chidwi kwambiri pakati pa zimenezi chinali kuukira kumene kunapezerapo mwayi pa mfundo yakuti kaŵirikaŵiri kumakhala kotheka kunena utali woyambirira wa lembalo kuchokera pautali wa mawu olembedwa m’mawu ofotokozera. Mwachidziwitso, izi zimalola kuukira kwa oracle komwe kumabweretsanso mbali za mawu osavuta.
Pansipa tikupereka kufotokozera mwatsatanetsatane za kuukira kwa Vaudenay ndi Kelsey (tidzapereka tsatanetsatane wa kuukira kwa Bleichenbacher pamene tikupita ku kuukira kwachinsinsi chachinsinsi cha anthu). Ngakhale titayesetsa kwambiri, mawuwa amakhala aukadaulo; kotero ngati zomwe zili pamwambazi zikukwanirani, dumphani magawo awiri otsatirawa.
Kuukira kwa Vodene
Kuti timvetsetse kuwukira kwa Vaudenay, choyamba tiyenera kulankhula zambiri za block ciphers ndi ma encryption modes. "block cipher" ndi, monga tanenera, cipher yomwe imatenga kiyi ndi kulowetsa kwautali wokhazikika ("utali wa block") ndikupanga chipika chobisika chautali womwewo. Ma block ciphers amagwiritsidwa ntchito kwambiri ndipo amawonedwa ngati otetezeka. DES yomwe tsopano idapuma pantchito, yomwe imadziwika kuti ndi cipher yamakono, inali block cipher. Monga tafotokozera pamwambapa, momwemonso ndi AES, yomwe imagwiritsidwa ntchito kwambiri masiku ano.
Tsoka ilo, block ciphers ali ndi chofooka chimodzi chowonekera. Kukula kwake kwa block ndi 128 bits, kapena zilembo 16. Mwachiwonekere, cryptography yamakono imafuna kugwira ntchito ndi deta yowonjezereka, ndipo apa ndipamene njira zolembera zimayambira. Ma encryption mode ndiye kuthyolako: ndi njira yogwiritsira ntchito block cipher yomwe imangovomera kuyika kwa kukula kwake kuti ilowetse kutalika kosasintha.
Kuwukira kwa Vodene kumayang'ana kwambiri machitidwe odziwika a CBC (Cipher Block Chaining). Kuwukiraku kumatengera maziko a block cipher ngati bokosi lakuda losagonjetseka ndikulambalalatu chitetezo chake.
Nachi chithunzi chomwe chikuwonetsa momwe mawonekedwe a CBC amagwirira ntchito:
Kuphatikizika kozungulira kumatanthauza ntchito ya XOR (yokha OR). Mwachitsanzo, block yachiwiri ya ciphertext imalandiridwa:
- Pochita opareshoni ya XOR pa block yachiwiri yokhala ndi mawu oyambira.
- Kulembera chinsinsi chotsatira ndi block cipher pogwiritsa ntchito kiyi.
Popeza CBC imagwiritsa ntchito kwambiri magwiridwe antchito a binary XOR, tiyeni titenge kamphindi kukumbukira zina mwazochita zake:
- Kusakwanira:
- Commutativity:
- Chiyanjano:
- Kudzisintha nokha:
- Kukula kwa baiti: baiti n wa = (byte n of ) (byte n mwa )
Nthawi zambiri, zinthu izi zikutanthauza kuti ngati tili ndi equation yokhudzana ndi machitidwe a XOR ndi imodzi yosadziwika, imatha kuthetsedwa. Mwachitsanzo, ngati tikudziwa zimenezo ndi osadziwika ndi otchuka и , ndiye titha kudalira zinthu zomwe tazitchula pamwambapa kuti tithetse equation . Pogwiritsa ntchito XOR mbali zonse za equation ndi , timapeza . Izi zonse zidzakhala zofunikira kwambiri pakanthawi kochepa.
Pali zosiyana ziwiri zazing'ono komanso kusiyana kumodzi kwakukulu pakati pa zochitika za Alice ndi kuukira kwa Vaudenay. Ziwiri zazing'ono:
- Mu script, Alice ankayembekezera kuti zolemba zomveka zidzatha ndi otchulidwawo
a,bb,cccndi zina zotero. Mu kuukira kwa Wodene, wozunzidwayo m'malo mwake amayembekeza kuti zolembazo zimatha nthawi ya N ndi N byte (ndiko kuti, hexadecimal 01 kapena 02 02, kapena 03 03 03, ndi zina zotero). Uku ndikusiyana kodzikongoletsera. - Muzochitika za Alice, zinali zosavuta kudziwa ngati Alice adalandira uthengawo poyankha "Zolemba zolakwika." Pakuukira kwa Vodene, kusanthula kwina kumafunika komanso kukhazikitsidwa molondola kumbali ya wozunzidwa ndikofunikira; koma chifukwa chakufupikitsa, tiyeni titenge ngati kusanthula uku ndikuthekabe.
Kusiyana kwakukulu:
- Popeza sitigwiritsa ntchito cryptosystem yomweyo, ubale pakati pa owukira-wowongolera ma ciphertext byte ndi zinsinsi (makiyi ndi mawu osavuta) mwachiwonekere adzakhala osiyana. Chifukwa chake, wowukirayo adzayenera kugwiritsa ntchito njira ina popanga ma ciphertexts ndikutanthauzira mayankho a seva.
Kusiyana kwakukuluku ndi gawo lomaliza la chithunzithunzi kuti timvetsetse kuwukira kwa Vaudenay, ndiye tiyeni titenge kamphindi kuti tiganizire chifukwa chake komanso momwe kuwukira kwa CBC kungayambitsidwe poyambira.
Tiyerekeze kuti tapatsidwa ciphertext ya CBC ya midadada 247, ndipo tikufuna kuimasulira. Titha kutumiza mauthenga abodza ku seva, monga momwe tingatumizire mauthenga abodza kwa Alice m'mbuyomu. Seva idzachotsa mauthenga kwa ife, koma sichidzawonetsa kutsekedwa - m'malo mwake, monganso Alice, seva idzangonena zachidziwitso chimodzi chokha: ngati zolembazo zili ndi zovomerezeka kapena ayi.
Taganizirani kuti muzochitika za Alice tinali ndi maubwenzi otsatirawa:
$$display$$text{SIMPLE_SUBSTITUTION}(mawu{ciphertext},mawu{kiyi}) = mawu{plaintext}$$display$$
Tiyeni tizitcha izi "Alice's equation." Ife tinkalamulira ciphertext; seva (Alice) idatulutsa zidziwitso zosamveka bwino pazomwe adalandira; ndipo izi zidatipangitsa kudziwa zambiri za chinthu chomaliza - fungulo. Mwakufanizira, ngati titha kupeza kulumikizana koteroko kwa zolemba za CBC, titha kutulutsanso zinsinsi zina pamenepo.
Mwamwayi, palidi maubwenzi kunja uko omwe tingagwiritse ntchito. Ganizirani zotsatira za kuyimba komaliza kuti muchepetse block cipher ndikuwonetsa kutulutsa uku ngati . Timawonetsanso mipiringidzo ya mawu osavuta ndi zilembo za ciphertext . Yang'ananinso pazithunzi za CBC ndikuwona zomwe zimachitika:
Tiyeni tizitcha izi "CBC equation."
M'chitsanzo cha Alice, poyang'anitsitsa malemba achinsinsi ndi kuwonera malembawo akutuluka, tinatha kuyambitsa chiwonongeko chomwe chinapezanso fungulo lachitatu la equation. Muzochitika za CBC, timayang'aniranso mawu achinsinsi ndikuwona kutayikira kwazinthu zomwe zikugwirizana nazo. Ngati fanizoli lilipo, titha kudziwa zambiri .
Tiyerekeze kuti tabwezeretsadi , ndiye chiyani? Chabwino, ndiye titha kusindikiza zolemba zonse zomaliza nthawi imodzi (), pongolowa (zomwe tili nazo) ndi
analandira mu CBC equation.
Tsopano popeza tili ndi chiyembekezo pa dongosolo lonse la kuwukira, ndi nthawi yoti tifotokoze mwatsatanetsatane. Chonde tcherani khutu ku momwe mfundo zosamveka zimatsikidwira pa seva. M'mawu a Alice, kutayikiraku kudachitika chifukwa Alice angangoyankha ndi uthenga wolondola ngati $inline$text{SIMPLE_SUBSTITUTION}(text{ciphertext},text{key})$inline$ itatha ndi mzerewu. a (kapena bb, ndi zina zotero, koma mwayi woti mikhalidweyi inayambika mwangozi inali yochepa kwambiri). Mofanana ndi CBC, seva imavomereza padding pokhapokha ngati imathera mu hexadecimal 01. Chifukwa chake tiyeni tiyese chinyengo chomwechi: kutumiza ma ciphertext abodza okhala ndi mfundo zathu zabodza mpaka seva itavomereza kudzazidwa.
Seva ikavomera kuphatikizira umodzi mwamauthenga abodza, zikutanthauza kuti:
Tsopano timagwiritsa ntchito byte-byte XOR katundu:
Timadziwa mawu oyamba ndi achitatu. Ndipo tawona kale kuti izi zimatipatsa mwayi wobwezeretsanso nthawi yotsalira - yomaliza kuchokera :
Izi zimatipatsanso baiti yomaliza yachidule chomaliza kudzera mu equation ya CBC ndi katundu wa byte-by-byte.
Tikhoza kusiya zimenezo ndi kukhutitsidwa kuti tachita chiwembu pa mawu amphamvu kwambiri. Koma kwenikweni titha kuchita zambiri: titha kubwezeretsanso zolemba zonse. Izi zimafuna chinyengo chomwe sichinali m'malemba oyambilira a Alice ndipo sichifunikira pakuwukira kwa oracle, komabe ndikofunikira kuphunzira.
Kuti mumvetse, choyamba zindikirani kuti zotsatira zotulutsa mtengo wolondola wa byte yomaliza ndi tili ndi luso latsopano. Tsopano, popanga ma ciphertext, titha kusintha ma byte omaliza a mawu osavuta. Apanso, izi zikugwirizana ndi equation ya CBC ndi katundu wa byte-by-byte:
Popeza tsopano tikudziwa teremu yachiwiri, titha kugwiritsa ntchito mphamvu zathu pa yoyamba kulamulira yachitatu. Timangowerengera:
Sitinathe kuchita izi m'mbuyomu chifukwa tinalibe nthawi yomaliza .
Kodi zimenezi zingatithandize bwanji? Tiyerekeze kuti tsopano tikupanga ma ciphertexts onse kotero kuti m'mawu omveka ofananirako byte yomaliza ndi yofanana ndi 02. Seva tsopano imavomereza zongopeka ngati mawuwo atha ndi 02 02. Popeza tidakonza byte yomaliza, izi zingochitika ngati penultimate byte ya plaintext imakhalanso 02. Timatumiza midadada yabodza ya ciphertext, kusintha penultimate byte, mpaka seva itavomereza padding ya imodzi mwazo. Panthawi imeneyi timapeza:
Ndipo timabwezeretsa penultimate byte monganso wotsiriza anabwezeretsedwa. Timapitilira mu mzimu womwewo: timakonza ma byte awiri omaliza alemba kuti 03 03, timabwereza kuukira kwa kachitatu kuchokera kumapeto ndi zina zotero, potsirizira pake kubwezeretsa kwathunthu .
Nanga bwanji malemba ena onse? Chonde dziwani kuti mtengo kwenikweni ndi $inline$text{BLOCK_DECRYPT}(mawu{key},C_{247})$inline$. Titha kuyika chipika china chilichonse m'malo mwake , ndipo kuukirako kudzapambanabe. M'malo mwake, titha kufunsa seva kuti ipange $inline$text{BLOCK_DECRYPT}$inline$ pa data iliyonse. Pakadali pano, masewera atha - titha kutulutsa mawu aliwonse (onaninso chithunzi cha CBC decryption kuti muwone izi; ndipo zindikirani kuti IV ndi yapagulu).
Njira imeneyi imagwira ntchito yofunika kwambiri pakuwukira kwa mawu omwe tidzakumana nawo mtsogolo.
Kuukira kwa Kelsey
Wokondedwa wathu John Kelsey adalongosola mfundo zomwe zingayambitse ziwopsezo zambiri zomwe zingatheke, osati tsatanetsatane wa kuukira kwinakwake. Ake ndi kafukufuku wa zotheka kuukira deta encrypted wothinikizidwa. Kodi mumaganiza kuti zomwe datayo idatsindikiridwa musanabisike sizinali zokwanira kuwononga? Zikukhalira kuti zokwanira.
Chotsatira chodabwitsa ichi ndi chifukwa cha mfundo ziwiri. Choyamba, pali kugwirizana kwakukulu pakati pa utali wa lemba lomveka bwino ndi utali wa malemba; chifukwa ma ciphers ambiri amafanana. Chachiwiri, pamene kupanikizika kumachitidwa, palinso mgwirizano wamphamvu pakati pa kutalika kwa uthenga woponderezedwa ndi mlingo wa "phokoso" la mawu omveka bwino, ndiko kuti, chiwerengero cha zilembo zosabwerezabwereza (mawu aukadaulo ndi "high entropy" ).
Kuti muwone mfundoyi ikugwira ntchito, ganizirani mfundo ziwiri:
Mawu Oyamba 1:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMawu Oyamba 2:
ATVXCAGTRSVPTVVULSJQHGEYCMQPCRQBGCYIXCFJGJ
Tiyerekeze kuti zolemba zonse ziwirizi zatsindikiridwa kenako ndi zobisika. Mumapeza ma ciphertexts awiri ndipo muyenera kulingalira kuti ndi mawu ati omwe akufanana ndi mawu osavuta:
Ndime 1:
PVOVEYBPJDPVANEAWVGCIUWAABCIYIKOOURMYDTANdime 2:
DWKJZXYU
Yankho lake ndi lomveka. M'mawu osavuta kumva, mawu osavuta 1 okha ndi omwe amakanikizidwa kukhala utali wochepa wa lemba lachiŵiri. Tidazindikira izi popanda kudziwa chilichonse chokhudza compression algorithm, kiyi ya encryption, kapena cipher yokha. Poyerekeza ndi maulamuliro omwe angachitike pakuwukira kwachinsinsi, uwu ndi wamisala.
Kelsey ananenanso kuti m’mikhalidwe ina yachilendo mfundo imeneyi ingagwiritsidwenso ntchito pophulitsa mawu. Makamaka, ikufotokoza momwe wowukirayo angabwezeretsenso chinsinsi ngati atha kukakamiza seva kuti ibisire fomuyo (zolemba zotsatiridwa ndi pamene iye akulamulira ndipo mutha kuwona kutalika kwa zotsatira zobisika.
Apanso, monga zowukira zina, tili ndi ubale:
Apanso, timalamulira nthawi imodzi (), tikuwona kudontha kwakung'ono kwa chidziwitso chokhudza membala wina (ciphertext) ndikuyesera kubwezeretsanso yomaliza (mawu osavuta). Ngakhale fanizoli, izi ndizochitika zachilendo poyerekeza ndi zida zina zomwe taziwona.
Kuti tiwonetse momwe kuwukira kotereku kungagwire ntchito, tiyeni tigwiritse ntchito njira yongopeka yomwe tangobwera nayo: TOYZIP. Imayang'ana mizere ya mawu yomwe idawonekera kale m'mawuwo ndikuyikamo ndi ma byte atatu osungira malo omwe amawonetsa komwe mungapeze mzere woyamba wa mzerewo komanso kangati komwe umapezeka pamenepo. Mwachitsanzo, mzere helloworldhello akhoza kukanikizidwa mu helloworld[00][00][05] 13 byte kutalika poyerekeza ndi ma byte 15 oyambilira.
Tiyerekeze kuti woukirayo ayesa kupezanso mawu osavuta a fomu password=..., kumene mawu achinsinsi omwe sakudziwika. Malinga ndi mtundu wa Kelsey woukira, wowukira atha kufunsa seva kuti ipanikizike ndikulemba mameseji (mawu omveka otsatiridwa ndi ), pati - zolemba zaulere. Seva ikamaliza kugwira ntchito, imanena za kutalika kwa zotsatira. Kuwukira kukuchitika motere:
Wakuba: Chonde sungani ndi kubisa mawu osavuta popanda padding.
Seva: Kutalika kwa zotsatira 14.
Wakuba: Chonde sungani ndi kubisa mawu omwe adawonjezeredwa
password=a.Seva: Kutalika kwa zotsatira 18.
Zolemba zosokoneza: [zoyambirira 14] + [ma byte atatu omwe adalowa m'malo password=] + a
Wakuba: Chonde sungani ndi kubisa mawu omwe awonjezeredwa
password=b.Seva: Kutalika kwa zotsatira 18.
Wakuba: Chonde sungani ndi kubisa mawu omwe awonjezeredwa
password=с.Seva: Kutalika kwa zotsatira 17.
Zolemba zosokoneza: [zoyambirira 14] + [ma byte atatu omwe adalowa m'malo password=c]. Izi zikutanthauza kuti mawu oyamba ali ndi chingwe password=c. Ndiko kuti, mawu achinsinsi amayamba ndi chilembo c
Wakuba: Chonde sungani ndi kubisa mawu omwe awonjezeredwa
password=сa.Seva: Kutalika kwa zotsatira 18.
Zolemba zosokoneza: [zoyambirira 14] + [ma byte atatu omwe adalowa m'malo password=с] + a
Wakuba: Chonde sungani ndi kubisa mawu omwe awonjezeredwa
password=сb.Seva: Kutalika kwa zotsatira 18.
(… Patapita nthawi…)
Wakuba: Chonde sungani ndi kubisa mawu omwe awonjezeredwa
password=со.Seva: Kutalika kwa zotsatira 17.
Zolemba zosokoneza: [zoyambirira 14] + [ma byte atatu omwe adalowa m'malo password=co]. Pogwiritsa ntchito malingaliro omwewo, wowukirayo amamaliza kuti mawu achinsinsi amayamba ndi zilembo co
Ndi zina zotero mpaka mawu achinsinsi onse abwezeretsedwa.
Wowerenga angakhululukidwe poganiza kuti izi ndizochitika zamaphunziro chabe komanso kuti zochitika ngati izi sizingachitike m'dziko lenileni. Tsoka, monga tiwona posachedwa, ndibwino kuti musataye mtima pa cryptography.
Zowopsa zamtundu: CRIME, POODLE, DROWN
Pomaliza, titatha kuphunzira mwatsatanetsatane chiphunzitsocho, tikhoza kuona momwe njirazi zimagwiritsidwira ntchito pazochitika zenizeni za cryptographic.
CRIME
Ngati kuukira kumayang'ana pa msakatuli wa wozunzidwayo ndi maukonde, zina zimakhala zosavuta ndipo zina zimakhala zovuta. Mwachitsanzo, ndizosavuta kuwona kuchuluka kwa anthu omwe akuzunzidwa: ingokhalani naye mu cafe yomweyi ndi WiFi. Pachifukwa ichi, omwe angakhale ozunzidwa (ie aliyense) amalangizidwa kuti agwiritse ntchito kulumikizana kobisika. Zidzakhala zovuta, koma zotheka, kupanga zopempha za HTTP m'malo mwa wozunzidwa kumalo ena a chipani chachitatu (mwachitsanzo, Google). Wowukirayo ayenera kukopa wozunzidwayo patsamba loyipa lomwe lili ndi zolemba zomwe zimapempha. Msakatuli azingopereka cookie yofananira.
Izi zikuwoneka zodabwitsa. Ngati Bob anapita evil.com, kodi zolemba patsambali zingofunsa Google kuti itumize achinsinsi a Bob [email protected]? Chabwino, mu chiphunzitso inde, koma kwenikweni ayi. Izi zimatchedwa cross-site request forgery attack (, CSRF), ndipo inali yotchuka chapakati pa 90s. Lero ngati evil.com amayesa chinyengo ichi, Google (kapena tsamba lililonse lodzilemekeza) nthawi zambiri limayankha kuti, "Zabwino, koma chizindikiro chanu cha CSRF pakuchita izi chidzakhala... три триллиона и семь. Chonde bwerezani nambala iyi." Asakatuli amakono ali ndi chinthu chomwe chimatchedwa "ndondomeko yoyambira yomweyi" pomwe zolemba patsamba A alibe mwayi wodziwa zambiri zotumizidwa ndi tsamba la B. Chifukwa chake script pa evil.com akhoza kutumiza zopempha kwa google.com, koma sindingathe kuwerenga mayankho kapena kumaliza ntchitoyo.
Tiyenera kutsindika kuti pokhapokha Bob atagwiritsa ntchito kulumikizana kwachinsinsi, chitetezo chonsechi ndichabechabe. Wowukira akhoza kungowerenga kuchuluka kwa anthu a Bob ndikubwezeretsanso cookie ya Google. Ndi cookie iyi, angotsegula tabu yatsopano ya Google osasiya msakatuli wake ndikutengera Bob osakumana ndi mfundo zachikale zomwezo. Koma, mwatsoka kwa wakuba, izi zikucheperachepera. Intaneti yonse yakhala ikulengeza nkhondo yolimbana ndi maulalo osabisidwa, ndipo kuchuluka kwa magalimoto a Bob mwina amasungidwa mwachinsinsi, kaya akonda kapena ayi. Kuonjezera apo, kuyambira pachiyambi cha kukhazikitsidwa kwa protocol, magalimoto analinso kuchepa pamaso kubisa; ichi chinali chizoloŵezi chodziwika kuti kuchepetsa latency.
Apa ndi pamene zimayamba kusewera (Compression Ratio Infoleak Made Easy, kutayikira kosavuta kudzera pa compression ratio). Kuwopsaku kudawululidwa mu Seputembala 2012 ndi ofufuza zachitetezo Juliano Rizzo ndi Thai Duong. Tapenda kale maziko onse amalingaliro, omwe amatilola kumvetsetsa zomwe adachita komanso momwe adachitira. Wowukira atha kukakamiza msakatuli wa Bob kutumiza zopempha ku Google ndikumvera mayankho pa netiweki yakomweko mokakamizidwa, mwachinsinsi. Chifukwa chake tili ndi:
Apa wowukirayo amayang'anira pempho ndipo ali ndi mwayi wofikira pagalimoto, kuphatikiza kukula kwa paketi. Nkhani yopeka ya Kelsey inakhalaponso.
Pomvetsetsa chiphunzitsocho, olemba a CRIME adapanga mwayi womwe ungathe kuba ma cookies pamasamba osiyanasiyana, kuphatikiza Gmail, Twitter, Dropbox ndi Github. Chiwopsezocho chinakhudza asakatuli amakono ambiri, zomwe zidapangitsa kuti zigamba zitulutsidwe zomwe zidakwirira mwakachetechete mawonekedwe a SSL kuti asagwiritsidwe ntchito. Yokhayo yotetezedwa ku chiopsezo inali Internet Explorer yolemekezeka, yomwe sinagwiritsepo ntchito kuponderezana kwa SSL konse.
POODLE
Mu Okutobala 2014, gulu lachitetezo la Google linapanga mafunde pagulu lachitetezo. Anatha kugwiritsa ntchito chiwopsezo mu protocol ya SSL yomwe idakhazikitsidwa zaka zoposa khumi zapitazo.
Zikuoneka kuti pamene ma seva akuyendetsa TLSv1.2 yatsopano yonyezimira, ambiri asiya chithandizo cha cholowa cha SSLv3 kuti chigwirizane ndi Internet Explorer 6. Talankhula kale za kuukira kwapansi, kotero mukhoza kulingalira zomwe zikuchitika. Kuwonongeka kokonzedwa bwino kwa protocol ya kugwirana chanza ndipo ma seva ali okonzeka kubwerera ku SSLv3 yabwino yakale, ndikuthetsa zaka 15 zapitazi za kafukufuku wachitetezo.
Kwa mbiri yakale, :
Transport Layer Security (TLS) ndiye protocol yofunika kwambiri yachitetezo pa intaneti. [..] pafupifupi ntchito iliyonse yomwe mumapanga pa intaneti imadalira TLS. [..] Koma TLS sinali TLS nthawi zonse. Protocol idayamba moyo wake amatchedwa "Secure Sockets Layer" kapena SSL. Mphekesera zimati mtundu woyamba wa SSL unali woyipa kwambiri kotero kuti opanga adasonkhanitsa zolemba zonse za code ndikuziika m'malo obisika ku New Mexico. Zotsatira zake, mtundu woyamba wopezeka pagulu wa SSL ndiwowona . Ndizowopsa, ndipo [..] zidapangidwa chapakati pazaka za m'ma 90s, zomwe akatswiri amakono amaziwona ngati "" Zambiri mwazowopsa za cryptographic zomwe tikudziwa masiku ano sizinapezekebe. Zotsatira zake, opanga protocol ya SSLv2 adasiyidwa kuti asokoneze njira yawo mumdima, ndipo adakumana. - kukhumudwa kwawo komanso kupindula kwathu, popeza kuwukira kwa SSLv2 kunasiya maphunziro ofunikira m'badwo wotsatira wa ma protocol.
Kutsatira izi, mu 1996, Netscape yokhumudwa idakonzanso protocol ya SSL kuyambira poyambira. Zotsatira zake zinali SSL version 3, yomwe .
Mwamwayi kwa akuba, “ochepa” satanthauza “onse.” Ponseponse, SSLv3 idapereka zida zonse zofunika kuti ayambitse kuwukira kwa Vodene. Protocolyo idagwiritsa ntchito njira ya CBC block cipher ndi chiwembu chopanda chitetezo (izi zidakonzedwa mu TLS; chifukwa chake kufunikira kowukira). Ngati mukukumbukira dongosolo la padding mukufotokozera kwathu koyambirira kwa kuukira kwa Vaudenay, dongosolo la SSLv3 ndilofanana kwambiri.
Koma, mwatsoka kwa akuba, “zofanana” sizitanthauza “zofanana.” SSLv3 padding scheme ndi "N ma byte osasinthika otsatiridwa ndi nambala N". Yesani, pansi pazifukwa izi, kuti musankhe chipika chongoganiza cha ciphertext ndikudutsa masitepe onse a chiwembu choyambirira cha Vaudene: mupeza kuti kuukirako kumachotsa bwino baiti yomaliza kuchokera pamndandanda womwewo, koma sikupitilira. Kuchotsa ma byte 16 aliwonse a ciphertext ndi chinyengo chachikulu, koma sikupambana.
Poyang'anizana ndi kulephera, gulu la Google linasintha njira yomaliza: adasinthira ku chiwopsezo champhamvu kwambiri - chomwe chimagwiritsidwa ntchito mu CRIME. Pongoganiza kuti wowukirayo ndi script yomwe ikuyenda mu msakatuli wa wozunzidwayo ndipo imatha kuchotsa ma cookie agawo, kuwukirako kumakhala kochititsa chidwi. Ngakhale kuti chiwopsezo chokulirapo sichikhala chenicheni, tawona m'gawo lapitalo kuti mtundu uwu ndi wotheka.
Popeza ali ndi mphamvu zowukira zamphamvu izi, kuwukirako kuyenera kupitilira. Zindikirani kuti wowukirayo amadziwa komwe cookie yagawo yobisidwa imawonekera pamutu ndikuwongolera kutalika kwa pempho la HTTP patsogolo pake. Chifukwa chake, imatha kuwongolera pempho la HTTP kuti cookie yomaliza igwirizane ndi kutha kwa chipika. Tsopano byte iyi ndi yoyenera kumasulira. Mukhoza kungowonjezera khalidwe limodzi pa pempho, ndipo penultimate byte ya cookie idzakhalabe pamalo omwewo ndipo ndi yoyenera kusankha pogwiritsa ntchito njira yomweyo. Kuwukira kumapitilira motere mpaka fayilo ya cookie itabwezeretsedwa. Imatchedwa POODLE: Padding Oracle pa Downgraded Legacy Encryption.
AMAMERA
Monga tanenera, SSLv3 inali ndi zolakwika zake, koma zinali zosiyana kwambiri ndi zomwe zidalipo kale, popeza SSLv2 yotayirira idapangidwa nthawi ina. Pamenepo mutha kusokoneza uthengawo pakati: соглашусь на это только через мой труп inasanduka соглашусь на это; kasitomala ndi seva atha kukumana pa intaneti, kukhazikitsa zinsinsi ndikusinthana zinsinsi pamaso pa wowukirayo, yemwe amatha kutengera onse awiri. Palinso vuto ndi cryptography yotumiza kunja, yomwe tidatchulapo poganizira FREAK. Awa anali Sodomu ndi Gomora mobisa.
Mu Marichi 2016, gulu la ofufuza ochokera m'magawo osiyanasiyana aukadaulo adakumana ndikupeza zinthu zodabwitsa: SSLv2 ikugwiritsidwabe ntchito pazachitetezo. Inde, owukira sakanathanso kutsitsa magawo amakono a TLS kukhala SSLv2 popeza dzenjelo lidatsekedwa pambuyo pa FREAK ndi POODLE, koma amatha kulumikizana ndi ma seva ndikuyambitsa okha magawo a SSLv2.
Mungafunse kuti, n’chifukwa chiyani timasamala zimene amachita kumeneko? Ali ndi gawo lovuta, koma siliyenera kukhudza magawo ena kapena chitetezo cha seva - sichoncho? Chabwino, ayi ndithu. Inde, ndi momwe ziyenera kukhalira m'malingaliro. Koma ayi - chifukwa kupanga ziphaso za SSL kumabweretsa zolemetsa zina, zomwe zimapangitsa kuti ma seva ambiri azigwiritsa ntchito ziphaso zomwezo ndipo, chifukwa chake, makiyi a RSA omwewo a TLS ndi SSLv2 kulumikizana. Kuti zinthu ziipireipire, chifukwa cha cholakwika cha OpenSSL, njira ya "Disable SSLv2" pakukhazikitsa kotchuka kwa SSL sikunagwire ntchito.
Izi zidapangitsa kuti pakhale kuukira kwa TLS, komwe kumatchedwa (Kuchotsa RSA ndi Chisinthiko Chachikale ndi Chofowoketsedwa, kuchotsa RSA ndi kubisa kwachikale komanso kofooka). Kumbukirani kuti izi sizili zofanana ndi kuukira kochepa; wowukirayo sayenera kuchita ngati "mwamuna wapakati" ndipo safunikira kuphatikizira ofuna chithandizo kuti achite nawo gawo lopanda chitetezo. Zigawenga zimangoyambitsa gawo la SSLv2 losatetezeka ndi seva yokha, kuukira njira yofooka, ndikubwezeretsanso kiyi yachinsinsi ya RSA ya seva. Kiyi iyi ndiyothandizanso pamalumikizidwe a TLS, ndipo kuyambira pano, palibe kuchuluka kwa chitetezo cha TLS chomwe chingalepheretse kusokonezedwa.
Koma kuti muwononge, mufunika kugwirira ntchito motsutsana ndi SSLv2, yomwe imakulolani kuti mubwezeretse osati magalimoto enieni okha, komanso chinsinsi chachinsinsi cha RSA. Ngakhale uku ndikukhazikitsa kovutirapo, ofufuzawo amatha kusankha chiwopsezo chilichonse chomwe chidatsekedwa pambuyo pa SSLv2. Pambuyo pake adapeza njira yoyenera: kuukira kwa Bleichenbacher, komwe tidatchula kale komanso komwe tidzafotokozera mwatsatanetsatane m'nkhani yotsatira. SSL ndi TLS amatetezedwa ku chiwonongeko ichi, koma zina mwachisawawa za SSL, zophatikizidwa ndi makiyi achidule pamakina olembera kunja, zidapangitsa kuti zitheke. .
Pa nthawi yomwe idasindikizidwa, 25% yamasamba apamwamba pa intaneti adakhudzidwa ndi chiwopsezo cha DROWN, ndipo kuwukirako kutha kuchitika ndi zinthu zochepa zomwe zimapezeka kwa obera ankhanza okha. Kupezanso kiyi ya RSA ya seva kudafunikira maola asanu ndi atatu a kuwerengera ndi $440, ndipo SSLv2 idachoka kuchoka ku ntchito kupita ku radioactive.
Dikirani, nanga Heartbleed?
Uku sikuwukira kwachinsinsi m'lingaliro lomwe tafotokozazi; Uku ndikusefukira kwa bafa.
Tiyeni tipume kaye
Tinayamba ndi njira zina zoyambira: brute force, interpolation, downgrading, cross-protocol, and precomputation. Kenaka tinayang'ana njira imodzi yapamwamba, mwinamwake chigawo chachikulu cha kuukira kwamakono kwa cryptographic: oracle attack. Tidakhala nthawi yayitali tikuzilingalira - ndipo sitinamvetsetse mfundo yokhayo, komanso tsatanetsatane wazinthu ziwiri zomwe zakhazikitsidwa: kuwukira kwa Vaudenay pamayendedwe a CBC encryption komanso kuwukira kwa Kelsey pama protocol a pre-compression encryption.
Powunika kutsitsa ndi kuwerengeratu, tidafotokozera mwachidule za FREAK, yomwe imagwiritsa ntchito njira zonse ziwiri potsitsa masamba omwe amatsitsidwa mpaka makiyi ofooka kenako kugwiritsanso ntchito makiyi omwewo. Pankhani yotsatira, tisunga (zofanana kwambiri) za Logjam, zomwe zimayang'ana ma aligorivimu achinsinsi.
Kenako tinayang’ananso zitsanzo zina zitatu za mmene mfundo zimenezi zimagwiritsidwira ntchito. Choyamba, CRIME ndi POODLE: ziwopsezo ziwiri zomwe zidadalira kuthekera kwa wowukirayo kuyika mawu osamveka pafupi ndi zomwe mukufuna, kenako onani mayankho a seva ndi ndiye, pogwiritsa ntchito njira ya oracle attack, gwiritsani ntchito chidziwitso chochepachi kuti, pang'onopang'ono kubwezeretsanso mawuwo. CRIME inadutsa njira yomwe Kelsey anaukira kupsinjika kwa SSL, pomwe POODLE m'malo mwake adagwiritsa ntchito mtundu wina wa kuwukira kwa Vaudenay pa CBC ndi zotsatira zomwezo.
Kenako tidayang'ananso za kuukira kwa DROWN, komwe kumakhazikitsa kulumikizana ndi seva pogwiritsa ntchito protocol ya SSLv2 yodziwika ndikubwezeretsa makiyi achinsinsi a seva pogwiritsa ntchito kuwukira kwa Bleichenbacher. Ife talumpha zaukadaulo za kuwukiraku pakadali pano; monga Logjam, iyenera kudikirira mpaka titamvetsetsa bwino ma cryptosystems achinsinsi ndi zovuta zawo.
M'nkhani yotsatira tidzakambirana za kuukira kwapamwamba monga kukumana-pakati, kusiyana kwa cryptanalysis ndi kuukiridwa kwa tsiku lobadwa. Tiyeni titengepo kanthu mwachangu pakuwukira kumbali, kenako ndikupitilira gawo losangalatsa: makiyi achinsinsi a anthu.
Source: www.habr.com