Release of hostapd and wpa_supplicant 2.10

After a year and a half of development, hostapd/wpa_supplicant 2.10 has been released. It is a suite supporting the IEEE 802.1X, WPA, WPA2, WPA3 and EAP wireless protocols. It consists of the wpa_supplicant application, which connects to a wireless network as a client, and the hostapd background process, which provides access point and authentication server operation and includes components such as the WPA Authenticator, a RADIUS authentication client/server and an EAP server. The project's source code is distributed under the BSD license.

In addition to functional changes, the new version blocks a new side-channel attack vector affecting the SAE (Simultaneous Authentication of Equals) connection negotiation method and the EAP-pwd protocol. An attacker who is able to execute unprivileged code on the system of a user connecting to a wireless network can, by monitoring activity on that system, obtain information about the characteristics of the password and use it to simplify offline password guessing. The problem is caused by leakage, through side channels, of information about the characteristics of the password. Based on indirect data, such as changes in delays during operations, this leakage makes it possible to confirm whether parts of the password were chosen correctly while guessing it.

Unlike the similar issues fixed in 2019, the new vulnerability is caused by the fact that the external cryptographic primitives used in the crypto_ec_point_solve_y_coord() function did not provide constant execution time regardless of the nature of the data being processed. Based on analysis of processor cache behaviour, an attacker able to run unprivileged code on the same processor could obtain information about the progress of password operations in SAE/EAP-pwd. The problem affects all versions of wpa_supplicant and hostapd built with support for SAE (CONFIG_SAE=y) and EAP-pwd (CONFIG_EAP_PWD=y).

Other changes in the new releases of hostapd and wpa_supplicant:

  • Added the ability to build with the OpenSSL 3.0 cryptographic library.
  • The Beacon Protection mechanism proposed in the WPA3 specification update has been implemented. It is designed to protect against active attacks on a wireless network that manipulate changes to Beacon frames.
  • Added support for DPP 2 (Wi-Fi Device Provisioning Protocol), which defines the public-key authentication method used in the WPA3 standard for simplified configuration of devices that have no on-screen interface. Configuration is performed using another, more advanced device that is already connected to the wireless network. For example, the parameters of an IoT device without a screen can be set from a smartphone based on a photo of a QR code printed on the case.
  • Added support for Extended Key ID (IEEE 802.11-2016).
  • Support for the SAE-PK (SAE Public Key) security mechanism has been added to the implementation of the SAE connection negotiation method. A mode for sending the confirmation immediately has been implemented, enabled with "sae_config_immediate=1", as well as the hash-to-element mechanism, enabled when the sae_pwe parameter is set to 1 or 2.
  • The EAP-TLS implementation has added support for TLS 1.3 (disabled by default).
  • Added new settings (max_auth_rounds, max_auth_rounds_short) to change the limits on the number of EAP messages during the authentication process (changing the limits may be needed when using very large certificates).
  • Added support for PASN (Pre Association Security Negotiation) for establishing a secure connection and protecting the exchange of control frames at an early stage of the connection.
  • The Transition Disable mechanism has been implemented, which allows you to automatically disable the roaming mode, which allows you to switch between access points as you move, in order to increase security.
  • WEP protocol support has been removed from default builds (rebuilding with CONFIG_WEP=y is required to restore WEP support). Legacy functionality related to the Inter-Access Point Protocol (IAPP) has been removed. Support for libnl 1.1 has been discontinued. Added the build option CONFIG_NO_TKIP=y for builds without TKIP support.
  • Fixed vulnerabilities in the UPnP implementation (CVE-2020-12695), in the P2P/Wi-Fi Direct handler (CVE-2021-27803) and in the PMF protection mechanism (CVE-2019-16275).
  • Hostapd-specific changes include expanded support for HEW (High-Efficiency Wireless, IEEE 802.11ax) wireless networks, including the ability to use the 6 GHz frequency band.
  • Changes specific to wpa_supplicant:
    • Added support for access point mode settings for SAE (WPA3-Personal).
    • P2P mode support has been implemented for EDMG channels (IEEE 802.11ay).
    • Improved throughput prediction and BSS selection.
    • The control interface over D-Bus has been expanded.
    • Added new support for storing passwords in a separate file, which allows sensitive information to be removed from the main configuration file.
    • Added new policies for SCS, MSCS and DSCP.
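
As an added example (not part of the original article and not code from the hostapd project), the script below checks a build `.config` against the combination described above as affected, a pre-2.10 build with CONFIG_SAE=y or CONFIG_EAP_PWD=y, and notes whether WEP or TKIP are compiled in. The function names, the constructed sample file and the assumption that the version is passed as a plain `MAJOR.MINOR` string are illustrative.

```shell
#!/bin/sh
# Added example: audit a hostapd/wpa_supplicant build for the options this page names.

# True (exit 0) when version $1 is older than 2.10, e.g. "2.9" or "2.9-devel".
version_lt_2_10() {
    major=${1%%.*}
    case $1 in *.*) rest=${1#*.} ;; *) rest=0 ;; esac
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "${minor:-0}" -lt 10 ]; }
}

# True when build option $1 is enabled (uncommented "OPTION=y") in .config file $2.
has_opt() {
    grep -Eq "^[[:space:]]*$1=y" "$2"
}

# Prints findings; returns 1 if the build matches the affected combination.
audit_build() {
    ver=$1 cfg=$2 status=0
    if version_lt_2_10 "$ver"; then
        for opt in CONFIG_SAE CONFIG_EAP_PWD; do
            if has_opt "$opt" "$cfg"; then
                echo "AFFECTED: $opt=y in pre-2.10 build ($ver): SAE/EAP-pwd side channel"
                status=1
            fi
        done
    fi
    if has_opt CONFIG_WEP "$cfg"; then
        echo "NOTE: CONFIG_WEP=y re-enables WEP support"
    fi
    if ! has_opt CONFIG_NO_TKIP "$cfg"; then
        echo "NOTE: TKIP is compiled in (CONFIG_NO_TKIP=y not set)"
    fi
    return "$status"
}

# Constructed sample .config (not taken from any real distribution).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_DRIVER_NL80211=y
CONFIG_SAE=y
#CONFIG_EAP_PWD=y
CONFIG_WEP=y
EOF
audit_build 2.9 "$sample" || echo "-> upgrade to 2.10 or later"
audit_build 2.10 "$sample"
rm -f "$sample"
```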

Source: opennet.ru
