ProHoster > Blog > litaba tsa inthanete > Ho ba kotsing laebraring ka ts'ebetsong ea mantlha ea algorithm ea SHA-3

Ho ba kotsing laebraring ka ts'ebetsong ea mantlha ea algorithm ea SHA-3

Kotsi (CVE-3-2022) e khethiloe ts'ebetsong ea SHA-37454 (Keccak) cryptographic hash function e fanoang ka har'a sephutheloana sa XKCP (eXtended Keccak Code Package), e ka lebisang ho khaphatseha ha buffer ha ho sebetsoa lintlha tse itseng. Bothata bo bakoa ke phoso ka khoutu ea ts'ebetsong e itseng ea SHA-3, eseng ka ho ba kotsing ho algorithm ka boeona. Sephutheloana sa XKCP se hlahisoa e le ts'ebetso ea semmuso ea SHA-3, e ntlafalitsoeng ka litlatsetso tse tsoang ho sehlopha sa ntlafatso sa Keccak, 'me e sebelisoa e le motheo oa mesebetsi ea SHA-3 ka lipuo tse fapaneng tsa mananeo (mohlala, khoutu ea XKCP e sebelisoa ho Python hahlib. module, sephutheloana sa Ruby digest sha3 le PHP hash_* mesebetsi).

Ho ea ka mofuputsi ea khethileng bothata, o ile a khona ho sebelisa ts'oaetso ea ho senya thepa ea cryptographic ea mosebetsi oa hash le ho fumana li-preimages tsa pele le tsa bobeli, hammoho le ho lemoha ho thulana. Ho feta moo, ho phatlalalitsoe hore ho tla etsoa ts'ebetso ea prototype e lumellang hore khoutu e sebelisoe ha ho baloa hash ea faele e entsoeng ka mokhoa o khethehileng. Ho ba kotsing ho ka boela ha sebelisoa ho hlasela li-algorithms tsa netefatso ea signature tse sebelisang SHA-3 (mohlala, Ed448). Lintlha tsa mekhoa ea tlhaselo li reriloe ho hatisoa hamorao, ka mor'a hore ts'oaetso e felisoe hohle.

Ha e e-so hlake hore na ts'oaetso e ama lits'ebetso tse seng li ntse li le teng hakae, kaha e le hore bothata bo iponahatse ka har'a khoutu, ho tlameha ho sebelisoe lipalo tsa cyclic hash ka li-block mme e 'ngoe ea li-blocks tse sebetsitsoeng e tlameha ho ba ka boholo ba 4 GB (bonyane. 2^32 - 200 li-byte). Ha o sebetsana le data ea ho kenya hang-hang (ntle le ho bala hash ka tatellano likarolong), bothata ha bo hlahe. E le mokhoa o bonolo ka ho fetisisa oa ts'ireletso, ho etsoa tlhahiso ea ho fokotsa boholo ba boholo ba data e amehang ka nako e le 'ngoe ea palo ea hash.

Kotsi e bakoa ke phoso ea ho sebetsa li-block tsa data e kentsoeng. Ka lebaka la papiso e fosahetseng ea boleng le mofuta oa "int", boholo bo fosahetseng ba data e ntseng e emetse bo khethiloe, e leng se lebisang hore mohatla o ngoloe ho feta buffer e fanoeng. Haholo-holo, papiso e sebelisitse poleloana "partialBlock + example->byteIOIndex", e lebisitseng ho phallo e felletseng bakeng sa boleng bo boholo ba likarolo tse teng. Ho phaella moo, ho ne ho e-na le mofuta o sa nepahalang oa "(unsigned int)(dataByteLen - i)" khoutu, e bakileng ho phalla ho litsamaiso tse nang le mofuta oa 64-bit size_t.

Mohlala oa khoutu e bakang ho khaphatseha: import hahlib h = hahlib.sha3_224() m1 = b"\x00" * 1; m2 = b"\x00" * 4294967295; h.ntlafatsa(m1) h.ntlafatsa(m2) khatiso(h.hexdigest())

Source: opennet.ru

Eketsa ka tlhaloso