Google has released a library for identifying problematic cryptographic keys

Members of the Google Security Team have released an open-source library, Paranoid, designed to detect weak cryptographic artifacts, such as public keys and digital signatures, generated by vulnerable hardware (HSM) and software systems. The code is written in Python and distributed under the Apache 2.0 license.

The project can be useful for indirectly assessing the use of algorithms and libraries that have known flaws and vulnerabilities affecting the reliability of the keys and digital signatures they generate, when the artifacts being checked are produced by hardware that cannot be verified or by closed components that amount to a black box. The library can also analyze sets of pseudo-random numbers for the reliability of their generator and, from a large collection of artifacts, identify previously known problems arising from programming errors or the use of unreliable random number generators.

When the library was used to check the contents of the public CT (Certificate Transparency) log, which includes information on more than seven billion certificates, no problematic public keys based on elliptic curves (EC) or digital signatures based on the ECDSA algorithm were found, but problematic public keys based on the RSA algorithm were found. In particular, 7 unreliable keys were identified that were generated by code with the unpatched vulnerability CVE-3586-2008 in the OpenSSL package for Debian, 0166 keys associated with CVE-2533-2017 in the Infineon library, and eighteen keys whose unreliability is associated with finding the greatest common divisor (GCD). Information about problematic certificates still in use has been sent to the certificate authorities so that they can be revoked.
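The GCD-related finding above can be illustrated with the standard batch-GCD audit (product tree plus remainder tree), which flags RSA moduli in a key inventory that share a factor with another modulus. This is an added example, not code from Paranoid or from the original article; the function names and the `SAMPLE` moduli are constructed for illustration.

```python
"""Audit a set of RSA moduli for shared prime factors with batch GCD."""
from math import gcd, prod


def product_tree(moduli):
    """Return the levels of a product tree; the last level is [product of all]."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels


def batch_gcd(moduli):
    """For each modulus n_i, return gcd(n_i, product of all the other moduli)."""
    levels = product_tree(moduli)
    rems = levels.pop()  # [P], where P is the product of every modulus
    while levels:
        cur = levels.pop()
        # Remainder tree: reduce the parent's remainder modulo n^2 at each node.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(cur)]
    # (P mod n_i^2) // n_i equals (P / n_i) mod n_i, so the gcd exposes any
    # factor that n_i shares with another modulus in the set.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def weak_moduli(moduli):
    """Indices of moduli that share a factor with a different modulus."""
    unique = list(dict.fromkeys(moduli))  # the same key seen twice is not a finding
    shared = {n for n, g in zip(unique, batch_gcd(unique)) if g > 1}
    return [i for i, n in enumerate(moduli) if n in shared]


# Constructed sample: toy "moduli" built from well-known primes, not real keys.
SAMPLE = [
    1000000007 * 2147483647,        # shares 1000000007 with index 2
    1000000009 * 65537,
    1000000007 * 998244353,
    (2**61 - 1) * (2**89 - 1),
]

if __name__ == "__main__":
    for idx in weak_moduli(SAMPLE):
        print(f"modulus #{idx} shares a factor with another key; revoke and reissue")
```

A modulus flagged here should be treated as compromised, since anyone holding both public keys can compute the same common factor.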



Source: opennet.ru
