Switch to 2FA on the blockchain

SMS is the most widespread way of doing two-factor authentication (2FA). It is used by banks, e-money and crypto wallets, mail services and every other kind of service; the share of users relying on this method is approaching 100%.

This annoys me, because the method is insecure. Reassigning a number from one SIM card to another has existed since the dawn of the mobile era: that is how a number is restored when a SIM card is lost. "Digital money theft specialists" realised that the "SIM card reissue" procedure could be used for fraud. After all, whoever controls the SIM card can control other people's online banking, e-wallets and even crypto. And someone else's number can be obtained by bribing a telecom employee, by deception or with forged documents.


Thousands of episodes of SIM swapping, as this fraud scheme is called, have come to light. The scale of the disaster suggests that the world should soon abandon 2FA via SMS. But that is not happening: studies note that it is not users who choose the 2FA method, but service owners.

We propose a secure 2FA method, delivering one-time codes over a blockchain, and we will show how a service owner can hook it up.

The count runs into millions

In 2019 SIM swap fraud grew by 63% according to London police, and the attacker's "average bill" was 4,000 GBP. I could not find statistics for Russia, but I assume they are even worse.

SIM swapping is used to hijack popular Twitter, Instagram, Facebook and VK accounts, bank accounts and, recently, even cryptocurrencies, as The Times reports citing Bitcoin entrepreneur Joby Weeks. High-profile cases of cryptocurrency theft via SIM swapping have been in the press since 2016; 2019 was a real peak.

In May the US Attorney's Office for the Eastern District of Michigan brought charges against nine young people aged 19 to 26, believed to be members of a criminal group called "The Community". The group is charged with seven swap episodes, through which the thieves stole cryptocurrency worth more than $2.4 million. And in April, California student Joel Ortiz received 10 years in prison for SIM swaps; his haul was $7.5 million in cryptocurrencies.

Photo of Joel Ortiz at a university press conference. Two years later he would be arrested for online fraud.

How a SIM swap works

"Swap" means exchange. In all variants of the scheme, the criminals take over the victim's phone number, usually by having the SIM card reissued, and use it to reset passwords. On paper a SIM swap looks like this:

  1. Reconnaissance. The fraudsters gather information about the victim: name and phone number. It can be found in open sources (social networks, acquaintances) or obtained from an accomplice working for the mobile operator.
  2. Blocking. The victim's SIM card is blocked; for that it is enough to call the operator's support line, give the number and say the phone has been lost.
  3. Reissue, transferring the number to the attacker's own SIM card. Usually this too is done through an accomplice at the telecom company or with forged documents.

In real life things are even harsher. Attackers pick a victim and track the phone's location daily: a single lookup of whether the subscriber has switched to roaming costs 1-2 cents. As soon as the SIM card owner goes abroad, they arrange with a manager of a mobile shop to issue a new SIM card. It costs about $50 (I found figures for different countries and operators ranging from $20 to $100), and in the worst case the manager is fired; there is no liability for this.

Now all SMS are received by the attackers, and the phone owner can do nothing about it: he is abroad. The criminals then gain access to all of the victim's accounts and change passwords as they please.

Chances of recovering what was stolen

Banks sometimes meet victims halfway and reverse the money out of the recipients' accounts. So fiat money can be returned even if the criminal is never found. With cryptocurrency wallets everything is far more complicated, both technically and legally. To date, not a single exchange or wallet has compensated a victim of SIM swapping.

If victims want to defend their money in court, they blame the operator: it created the conditions for the theft from their accounts. That is exactly what Michael Terpin did after losing $224 million to a SIM swap.


So far no state has working mechanisms for the legal protection of cryptocurrency owners. It is impossible to insure your capital or receive compensation for its loss. Preventing a swap attack is therefore easier than dealing with its consequences. The obvious way is to use a more reliable "second factor" for 2FA.

SIM swapping is not the only problem with 2FA via SMS

Confirmation codes in SMS are also insecure from a technical standpoint. Messages can be intercepted through unpatched vulnerabilities in Signaling System 7 (SS7). 2FA via SMS is officially recognised as insecure (the US National Institute of Standards and Technology says so in its Digital Authentication Guideline).

At the same time, having 2FA often gives the user a false sense of security, and he picks a simpler password. Such authentication then does not make it harder, but easier, for an attacker to gain access to the account.

And SMS often arrive late or not at all.

Other 2FA methods

Of course, the world does not revolve around mobile phones and SMS. There are other 2FA methods. For example, one-time TAN codes: a primitive method, but it works and is still used by some banks. There are systems based on biometric data: fingerprints, retina scans. Another option, which looks like a reasonable compromise between convenience, reliability and cost, is dedicated 2FA applications: RSA Token, Google Authenticator. There are also hardware keys and other methods.

In theory everything looks logical and reliable. In practice, however, today's 2FA solutions have problems, and because of them reality differs from expectations.

According to research, using 2FA is inconvenient in principle, and the popularity of 2FA via SMS is explained by "less inconvenience compared to other methods": receiving one-time codes is something the user understands.

Users associate many 2FA methods with the fear of losing access. A hardware key or a list of TAN codes can be lost or stolen. I personally have had bad experiences with Google Authenticator. My first smartphone with the app died, and restoring access to my accounts took real effort. Another problem is moving to a new device. Google Authenticator has no export feature, for security reasons (if keys can be exported, what security is there?). Once I moved the keys by hand, and then decided it was simpler to keep the old phone in a box on a shelf.

A 2FA method should be:

  • Secure: only you, and not an attacker, can log into your account
  • Reliable: you can get into your account whenever you need to
  • Convenient and accessible: using 2FA is understandable and takes minimal time
  • Cheap

We believe the blockchain is the right solution.

Using 2FA on the blockchain

For the user, 2FA on the blockchain looks the same as receiving one-time codes via SMS. The only difference is the delivery channel. How the 2FA code is received depends on what the blockchain offers. In our project (details in my profile) it is a web app, Tor, iOS, Android, Linux, Windows and macOS.

The service generates a one-time code and sends it to the messenger on the blockchain. Then it is the classic flow: the user enters the received code in the service's interface and logs in.


In the article "How does a decentralized messenger on the blockchain work?" I wrote that the blockchain ensures the security and privacy of message delivery. For the task of sending 2FA codes, I would highlight:

  • One click to create an account: no phone numbers or e-mails.
  • All messages with 2FA codes are end-to-end encrypted with curve25519xsalsa20poly1305.
  • MITM attacks are ruled out: every message with a 2FA code is a transaction on the blockchain, signed with Ed25519 EdDSA.
  • A message with a 2FA code ends up in a block. The sequence and time of blocks cannot be tampered with, and therefore neither can the order of messages.
  • There is no central system that checks the "authenticity" of a message. This is done by a distributed system of nodes according to consensus, and it belongs to the users.
  • Unstoppability: accounts cannot be blocked and messages cannot be deleted.
  • 2FA codes can be received on any device at any time.
  • Delivery of a message with a 2FA code is confirmed. The service sending the one-time password knows for certain that it was delivered. No "Send again" buttons.

To compare with other 2FA methods, I put together a table:

[Image: comparison table of 2FA methods]

The user gets an account in the blockchain messenger to receive codes in seconds: only a passphrase is used to log in. Usage scenarios can therefore differ: one account can receive codes from all services, or a separate account can be created for each service.

There is one inconvenience: the account must have at least one transaction. For the user to receive an encrypted message with a code, his public key must be known, and it appears in the blockchain only with the first transaction. Here is how we got around it: we gave users the option to receive free tokens to their wallet. A better solution, however, would be to name the account by its public key. (For comparison, our account number U1467838112172792705 is derived from the public key cc1ca549413b942029c4742a6e6ed69767c325f8d989f7e4b71ad82a164c2ada. For a messenger this is more convenient and readable, but for a system that sends 2FA codes it is a limitation.) I think that in the future someone will make that decision and move "Convenience and accessibility" into the green zone.

The cost of sending a 2FA code is really low: 0.001 ADM, currently 0.00001 USD. And again, you can run your own blockchain and make the cost zero.

How to connect 2FA on the blockchain to your service

I hope I have managed to interest a few readers in adding blockchain-based authorization to their services.

I will show how to do it using our messenger as the example; by analogy you can use another blockchain. In the 2FA demo application we use PostgreSQL 10 to store account information.

Connection steps:

  1. Create an account on the blockchain from which the 2FA codes will be sent. You will receive a passphrase, which serves as the private key for encrypting messages with codes and signing transactions.
  2. Add a script to your server that generates 2FA codes. If you already use any other 2FA method with one-time passwords, this step is already done.
  3. Add a script to your server that sends the codes to the user in the blockchain messenger.
  4. Build a user interface for sending and entering the 2FA code. If you already use any other 2FA method with one-time passwords, this step is already done.

1 Creating an account

Creating an account in the blockchain means generating a private key, a public key and the address derived from it.


First a BIP39 passphrase is generated and its SHA-256 hash is computed. The hash is used to derive the private key ks and the public key kp. From the public key, using the same SHA-256 and a byte reversal, we obtain the address in the blockchain.

If you want to send 2FA codes from a fresh account each time, the account-creation code should be added to the server:

import Mnemonic from 'bitcore-mnemonic'

// The account's only secret is a 12-word BIP39 passphrase
this.passphrase = new Mnemonic(Mnemonic.Words.ENGLISH).toString()

…

import * as bip39 from 'bip39'
import crypto from 'crypto'

// Passphrase -> BIP39 seed -> SHA-256: the 32-byte seed for the key pair
adamant.createPassphraseHash = function (passphrase) {
  const seedHex = bip39.mnemonicToSeedSync(passphrase).toString('hex')
  return crypto.createHash('sha256').update(seedHex, 'hex').digest()
}

…

import sodium from 'sodium-browserify-tweetnacl'

// Deterministic Ed25519 key pair from the 32-byte hash
adamant.makeKeypair = function (hash) {
  const keypair = sodium.crypto_sign_seed_keypair(hash)
  return {
    publicKey: keypair.publicKey,
    privateKey: keypair.secretKey
  }
}

…

import crypto from 'crypto'
import bignum from 'bignum' // big-integer helper used by the project; module path assumed

// Address = 'U' + the first 8 bytes of SHA-256(publicKey), reversed, read as a big-endian integer
adamant.getAddressFromPublicKey = function (publicKey) {
  const publicKeyHash = crypto.createHash('sha256').update(publicKey, 'hex').digest()
  const temp = Buffer.alloc(8)
  for (let i = 0; i < 8; i++) {
    temp[i] = publicKeyHash[7 - i]
  }
  return 'U' + bignum.fromBuffer(temp).toString()
}

In the demo we kept it simple: we created one account in the web app and send the codes from it. As a rule this is also more convenient for the user: he knows that the service sends 2FA codes from a particular account and can give it a name.


2 Generating 2FA codes

A 2FA code must be generated at every user login. We use the speakeasy library, but you can choose any other.

const speakeasy = require('speakeasy');

// counter: the per-account HOTP counter stored in the database and advanced for each issued code
const hotp = speakeasy.hotp({
  counter,
  secret: account.seSecretAscii,
});

Checking the 2FA code entered by the user:

// Verify the submitted code against the same counter and secret the code was issued with
se2faVerified = speakeasy.hotp.verify({
  counter: this.seCounter,
  secret: this.seSecretAscii,
  token: hotp,
});

3 Sending the 2FA code

To deliver the 2FA code you can use the blockchain node API, the JS API library or the console. In this example we use the console: this is a command-line interface, an application that simplifies interaction with the blockchain. To send a message with a 2FA code, use the console's send message command.

const util = require('util');
const execFile = util.promisify(require('child_process').execFile);

…

// Pass the address and the code as separate arguments rather than interpolating them into a shell
// command string: adamantAddress is supplied by the user, so a shell string would be injectable.
// The promisified call rejects on a non-zero exit, so wrap it in try/catch at the call site.
const { stdout, stderr } = await execFile('adm', ['send', 'message', adamantAddress, `2FA code: ${hotp}`]);

Another way to send messages is the send method of the JS API library.

4 User interface

The user must be given a way to enter the 2FA code; this can be done in different ways depending on your application platform. In our example it is Vue.


The code of the demo blockchain two-factor authentication can be viewed on GitHub. The Readme contains a link to a live demo to try it out.

Source: www.habr.com
