A /dev/random implementation freed from its dependency on SHA-1 has been proposed for the Linux kernel.

Jason A. Donenfeld, author of the WireGuard VPN, has proposed an updated implementation of the RDRAND pseudo-random number generator responsible for the operation of /dev/random and /dev/urandom in the Linux kernel. At the end of November, Jason was added to the list of maintainers of the random driver, and he has now published the first results of his work on reworking it.

The new implementation is notable for switching to the BLAKE2s hash function instead of SHA1 for entropy mixing operations. The change improved the security of the pseudo-random number generator by getting rid of the problematic SHA1 algorithm and eliminating the overwriting of the RNG initialization vector. Since the BLAKE2s algorithm outperforms SHA1, its use also had a positive effect on the performance of the pseudo-random number generator (testing on a system with an Intel i7-11850H processor showed a 131% increase in speed). Another advantage of moving entropy mixing to BLAKE2 was the unification of the algorithms used: BLAKE2 is used in the ChaCha cipher, which is already used to extract random sequences.

In addition, improvements were made to the cryptographically secure pseudo-random number generator (CRNG) used in the getrandom call. The improvements boil down to limiting calls to the slow RDRAND generator when extracting entropy, which improves performance by 3.7 times. Jason showed that calling RDRAND makes sense only in a situation where the CRNG has not yet been fully initialized; once CRNG initialization is complete, its value does not affect the quality of the generated sequence, and in that case the call to RDRAND can be dispensed with.

The changes are scheduled for inclusion in the 5.17 kernel and have already been reviewed by developers Ted Ts'o (the second maintainer of the random driver), Greg Kroah-Hartman (responsible for maintaining the stable branch of the Linux kernel) and Jean-Philippe Aumasson (author of the BLAKE2/3 algorithms).

Source: opennet.ru
