Post analysis: what is known about the recent attack on the SKS Keyserver network of cryptographic key servers

The attackers exploited a feature of the OpenPGP protocol that has been known for more than ten years.

We explain what the issue is and why it cannot be closed.


Problems on the network

In mid-June, unknown persons carried out an attack on the SKS Keyserver network of cryptographic key servers, which is built on the OpenPGP protocol. OpenPGP is an IETF standard (RFC 4880) used to encrypt e-mail and other messages. The SKS network was created thirty years ago to distribute public certificates. Tools that work with it include GnuPG, which is used to encrypt data and create electronic digital signatures.

The attackers compromised the certificates of two GnuPG project maintainers, Robert Hansen and Daniel Gillmor. Importing a poisoned certificate from a server causes GnuPG to fail: the system hangs. There is reason to believe the attackers will not stop there, and that the number of compromised certificates will only grow. For now, the scale of the problem remains unknown.

The essence of the attack

The attackers took advantage of a vulnerability in the OpenPGP protocol. The community has known about it for decades. Matching exploits can even be found on GitHub. But so far nobody has taken responsibility for closing the "hole" (we discuss the reasons in more detail below).


According to the OpenPGP specification, anyone can add digital signatures to a certificate to vouch for its owner. Moreover, the maximum number of signatures is not regulated in any way. This is where the problem arises: the SKS network allows up to 150 thousand signatures to be placed on a single certificate, but GnuPG does not support that many. So when such a certificate is loaded, GnuPG (like other OpenPGP implementations) hangs.

One user ran an experiment: importing the certificate took him about 10 minutes. The certificate carried more than 54 thousand signatures and weighed 17 MB:

$ gpg --homedir=$PWD --recv C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
gpg: key F20691179038E5C6: 4 duplicate signatures removed
gpg: key F20691179038E5C6: 54614 signatures not checked due to missing keys
gpg: key F20691179038E5C6: 4 signatures reordered
gpg: key F20691179038E5C6: public key "Daniel Kahn Gillmor <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
$ ls -lh pubring.gpg
-rw-r--r--  1 filippo  staff    17M  2 Jul 16:30 pubring.gpg

To make matters worse, OpenPGP key servers never delete certificate information. This is done so that the chain of all actions performed on certificates can be traced and substitution can be prevented. As a result, the compromised elements cannot be removed.

In essence, the SKS network is one large "file server" to which anyone can write data. To illustrate the problem, last year a GitHub user created a file system that stores documents on the network of cryptographic key servers.
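Because the servers cannot drop the flooded signatures, the check has to happen on the client before import. The following added example (not from the original article or from GnuPG) walks the RFC 4880 packet headers of a binary certificate and counts Signature packets; the function names, the limits of 1000 signatures and 1 MB, and the sample bytes are assumptions made for illustration.

```python
# Added example: count Signature packets before import (limits are assumed).
SIGNATURE_TAG = 2  # RFC 4880, section 4.3


def iter_packets(data):
    """Yield (tag, body_length) for every packet in an OpenPGP byte string."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("bit 7 clear: not a packet header")
        if first & 0x40:  # new-format header: tag in bits 5-0
            tag, o = first & 0x3F, data[pos]
            pos += 1
            if o < 192:  # one-octet length
                length = o
            elif o < 224:  # two-octet length
                length = ((o - 192) << 8) + data[pos] + 192
                pos += 1
            elif o == 255:  # five-octet length
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:  # partial lengths are only valid for data packets
                raise ValueError("partial body length in a certificate")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:  # indeterminate length: body runs to the end
                length = len(data) - pos
            else:
                size = 1 << ltype  # 1, 2 or 4 length octets
                length = int.from_bytes(data[pos:pos + size], "big")
                pos += size
        pos += length
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag, length


def safe_to_import(data, max_sigs=1000, max_bytes=1_000_000):
    try:
        sigs = sum(1 for tag, _ in iter_packets(data) if tag == SIGNATURE_TAG)
    except (ValueError, IndexError):  # malformed input is rejected
        return False, 0
    return len(data) <= max_bytes and sigs <= max_sigs, sigs


def sample_cert(n_sigs):  # constructed: public-key stub + n dummy signatures
    return bytes([0x98, 1, 4]) + bytes([0xC2, 3, 0, 0, 0]) * n_sigs
```

The input must be the binary form of the certificate; ASCII-armored data has to be decoded first (for example with `gpg --dearmor`).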

Why has the vulnerability not been closed?

There was no reason to close the vulnerability: previously it had not been used for hacker attacks. That said, the IT community had long been asking the developers of SKS and OpenPGP to pay attention to the problem.

To be fair, it is worth noting that in June an experimental key server, keys.openpgp.org, was nevertheless launched. It provides protection against this type of attack. However, its database is being filled from scratch, and the server itself is not part of SKS. It will therefore take time before it can be used.


As for the bug in the original system, a complex synchronization mechanism prevents it from being fixed. The key server network was originally written as a proof of concept for Yaron Minsky's PhD thesis. In addition, a rather specific language, OCaml, was chosen for the work. According to maintainer Robert Hansen, the code is hard to understand, so only minor fixes are made to it. To change the SKS architecture, it would have to be rewritten from scratch.

In any case, GnuPG does not believe the network will ever be fixed. In a post on GitHub, the developers even wrote that they do not recommend working with SKS Keyserver. In fact, this is one of the main reasons they began the move to the new service, keys.openpgp.org. We can only watch how events develop.


Source: www.habr.com
