Xa usiva igama elithi "cryptography," abanye abantu bakhumbula igama eliyimfihlo le-WiFi, isitshixo esiluhlaza ecaleni kwedilesi yewebhusayithi abayithandayo, kunye nokuba kunzima kangakanani ukungena kwi-imeyile yomnye umntu. Abanye bakhumbula uthotho lobuthathaka kwiminyaka yamva nje ngokuxelela izifinyezo (DROWN, FREAK, POODLE...), iilogo ezinesitayile kunye nesilumkiso sokuhlaziya ngokukhawuleza isikhangeli sakho.
I-Cryptography igubungela yonke into, kodwa inyani kwenye. Ingongoma kukho umgca ocacileyo phakathi kokulula kunye nobunzima. Ezinye izinto kulula ukuzenza, kodwa kunzima ukuzidibanisa, njengokuqhekeza iqanda. Ezinye izinto kulula ukuzenza kodwa kunzima ukuzibuyisela xa inxalenye encinci, ebalulekileyo, ebalulekileyo ilahlekile: umzekelo, ukuvula umnyango otshixiweyo xa "inxalenye ebalulekileyo" isitshixo. I-Cryptography ifunda ezi meko kunye nendlela ezinokusetyenziswa ngayo ekusebenzeni.
Kwiminyaka yakutshanje, ingqokelela yohlaselo lwe-cryptographic ijike yaba yindawo yogcino-zilwanyana yeelogo ezikhazimlayo, ezaliswe ziifomula ezivela kumaphepha enzululwazi, kwaye inike imvakalelo edakumbileyo ngokubanzi yokuba yonke into yonakele. Kodwa enyanisweni, uninzi lohlaselo lusekelwe kwimigaqo embalwa eqhelekileyo, kwaye amaphepha angenasiphelo eefomula adla ngokubiliswa kwiingcamango ekulula ukuziqonda.
Kolu luhlu lwamanqaku, siza kujonga iintlobo ezahlukeneyo zokuhlaselwa kwe-cryptographic, ngokugxininisa kwimigaqo esisiseko. Ngokubanzi kwaye hayi ngolu hlobo, kodwa siya kugubungela oku kulandelayo:
- Amacebo asisiseko: amandla akhohlakeleyo, uhlalutyo lwamaza, ukuguqulwa, ukuthotywa kunye nemigaqo-nkqubo.
- Ubuthathaka obuphawulweyo: I-FREAK, ULWAPHULO-MTHETHO, POODLE, ROWN, Logjam.
- Ubuchule obukwinqanaba eliphezulu: ukuhlaselwa kwe-oracle (ukuhlaselwa kweVodenet, ukuhlasela kweKelsey); indlela yokuhlangana phakathi, ukuhlaselwa komhla wokuzalwa, ukuxhatshazwa kwamanani (i-cryptanalysis eyahlukileyo, i-cryptanalysis edibeneyo, njl.).
- Uhlaselo lwesitishi esisecaleni kunye nezihlobo zabo ezisondeleyo, iindlela zokuhlalutya ukungaphumeleli.
- Uhlaselo kwi-cryptography yesitshixo sikawonke-wonke: ingcambu ye-cube, ukusasazwa, umyalezo ohambelanayo, uhlaselo lwe-Coppersmith, i-algorithm ye-Pohlig-Hellman, i-sieve yenombolo, ukuhlaselwa kwe-Wiener, ukuhlaselwa kweBleichenbacher.
Eli nqaku lithile ligubungela izinto ezingasentla ukuya kuhlaselo lukaKelsey.
Amaqhinga asisiseko
Olu hlaselo lulandelayo lulula ngengqiqo yokuba lunokucaciswa phantse ngokupheleleyo ngaphandle kweenkcukacha ezininzi zobugcisa. Makhe sichaze uhlobo ngalunye lokuhlaselwa ngokwemigaqo elula, ngaphandle kokungena kwimizekelo enzima okanye iimeko zokusetyenziswa eziphambili.
Olunye olu hlaselo luphelelwe lixesha kwaye aluzange lusetyenziswe kangangeminyaka emininzi. Abanye ngabantu bakudala abasahlala bechwechwela abaphuhlisi be-cryptosystem abangaqapheliyo kwinkulungwane yama-21. Ixesha le-cryptography yale mihla linokuthathwa ngokuba liqalile ngokufika kwe-IBM DES, i-cipher yokuqala yokumelana nalo lonke uhlaselo kolu luhlu.
Amandla akhohlakeleyo alula
Inkqubo yoguqulelo oluntsonkothileyo inamacandelo amabini: 1) umsebenzi woguqulelo oluntsonkothileyo othatha umyalezo (umbhalo ongenanto) udityaniswe neqhosha emva koko uvelise umyalezo ofihliweyo—i-ciphertext; 2) umsebenzi wokuguqulela uguqulelo oluntsonkothileyo othatha i-ciphertext kunye nesitshixo kwaye uvelise umbhalo ocacileyo. Zombini i-encryption kunye ne-decryption kufuneka kube lula ukubala ngesitshixo-kwaye kube nzima ukuyiqonda ngaphandle kwayo.
Makhe sicinge ukuba sibona i-ciphertext kwaye sizame ukuyisusa ngaphandle kolwazi olongezelelweyo (oku kubizwa ngokuba luhlaselo lwe-ciphertext kuphela). Ukuba ngandlel’ ithile sifumana ngomlingo isitshixo esichanekileyo, sinokuqinisekisa ngokulula ukuba sichanekile ngokwenene ukuba isiphumo singumyalezo onengqiqo.
Qaphela ukuba kukho intelekelelo ezimbini ezingacacanga apha. Okokuqala, siyayazi indlela yokwenza i-decryption, oko kukuthi, indlela i-cryptosystem isebenza ngayo. Le yingcinga eqhelekileyo xa kuxoxwa nge-cryptography. Ukufihla iinkcukacha zokuphunyezwa kwe-cipher kubahlaseli kunokubonakala ngathi linyathelo elongezelelweyo lokhuseleko, kodwa xa umhlaseli efumene ezi nkcukacha, olukhuseleko olongezelelweyo lulahlekile kwaye lulahlekile ngokungenakuguqulwa. Nantso indlela : Inkqubo ewela ezandleni zotshaba akufanele ibangele ukuphazamiseka.
Okwesibini, sicinga ukuba isitshixo esichanekileyo siso kuphela isitshixo esiya kukhokelela kwi-decryption efanelekileyo. Oku kukwayintelekelelo efanelekileyo; iyaneliseka ukuba i-ciphertext inde kakhulu kunesitshixo kwaye iyafundeka. Oku kudla ngokwenzeka kwihlabathi lokwenyani, ngaphandle okanye (ukuba awukuthandi ukuchithwa kwethu kweengcaciso, nceda ujonge iTheorem 3.8 ).
Ukunikezelwa oku ngasentla, isicwangciso siyavela: khangela zonke izitshixo ezinokubakho. Oku kubizwa ngokuba yi-brute force, kwaye uhlaselo olunjalo luqinisekisiwe ukusebenza ngokuchasene nazo zonke ii-ciphers eziphathekayo - ekugqibeleni. Umzekelo, amandla akhohlakeleyo anele ukugqekeza , i-cipher yamandulo apho isitshixo singunobumba omnye wealfabhethi, okuthetha ukuba ngaphezu kwama-20 amaqhosha anokwenzeka.
Ngelishwa kwi-cryptanalysts, ukwandisa ubungakanani obuphambili kukukhusela okulungileyo kumandla akhohlakeleyo. Njengoko ubungakanani obuphambili bukhula, inani lezitshixo ezinokwenzeka landa ngokukhawuleza. Ngeesayizi eziphambili zanamhlanje, amandla alula angenakwenziwa ngokupheleleyo. Ukuqonda ukuba sithetha ukuthini, masithathe eyona khompyutha ikhawulezayo eyaziwayo ukusukela phakathi ku-2019: ukusuka kwi-IBM, kunye nokusebenza okuphezulu malunga nokusebenza kwe-1017 ngomzuzwana. Namhlanje, ubude beqhosha eliqhelekileyo buyi-128 bits, oku kuthetha ukuba i-2128 indibaniselwano enokwenzeka. Ukukhangela kuzo zonke izitshixo, iSummit supercomputer iya kufuna ixesha elimalunga namaxesha angama-7800 ubudala beNdalo yonke.
Ngaba amandla akhohlakeleyo afanele agqalwe njengomdla wembali? Akunjalo konke: isithako esiyimfuneko kwi-cryptanalysis cookbook. Kunqabile ukuba i-ciphers ibe buthathaka kangangokuba inokwaphulwa kuphela ngohlaselo olukrelekrele, ngaphandle kokusetyenziswa kwamandla ukuya kwinqanaba elinye okanye kwelinye. IiHacks ezininzi eziphumeleleyo zisebenzisa indlela ye-algorithmic ukwenza buthathaka i-cipher ekujoliswe kuyo kuqala, kwaye emva koko yenze uhlaselo lwamandla akhohlakeleyo.
Uhlalutyo lokuphindaphinda
Uninzi lwezicatshulwa azikho gibberish. Umzekelo, kwimibhalo yesiNgesi kukho oonobumba abaninzi ‘e’ namanqaku ‘the’; kwiifayile zokubini kukho iibytes ezininzi ezingenanto njenge padding phakathi kwamaqhekeza olwazi. Uhlalutyo lokuphindaphinda lulo naluphi na uhlaselo olusebenzisa le nyaniso.
Umzekelo we-canonical we-cipher esengozini kolu hlaselo yi-substitution cipher elula. Kule cipher, isitshixo yitafile enabo bonke oonobumba endaweni. Umzekelo, u-'g' uthatyathelw' indawo ngu-'h', 'o' endaweni yakhe ngu-j, ngoko ke igama elithi 'hamba' libe ngu-'hj'. Le cipher kunzima ukunyanzeliswa ngokuba zininzi iitafile zokujonga ezinokwenzeka. Ukuba unomdla kwizibalo, ubude besitshixo obusebenzayo bumalunga namasuntswana angama-88: oko
. Kodwa uhlalutyo lokuphindaphinda luqhele ukwenza umsebenzi wenziwe ngokukhawuleza.
Qwalasela le tekisi ilandelayo ye-cipher esetyenziwe ngoguqulelo olulula lwe-cipher:
XDYLY ALY UGLY XDWNKE WN DYAJYN ANF YALXD DGLAXWG XDAN ALY FLYAUX GR WN OGQL ZDWBGEGZDO
Ekubeni Y kwenzeka rhoqo, kubandakanywa ekupheleni kwamagama amaninzi, sinokucinga ukuba lo ngunobumba e:
XDeLe ALe UGLe XDWNKE WN DeAJeN ANF eALXD DGLAXWG XDAN ALe FLeAUX GR WN OGQL ZDWBGEGZDO
Ababini XD phinda-phinda ekuqaleni kwamagama amaninzi. Ngokukodwa, indibaniselwano XDeLe icebisa ngokucacileyo igama these okanye there, ngoko masiqhubeke:
theLe ALe UGLe thWNKE WN heAJeN ANF EALth DGLATWG kune ALe FLeAUt GR WN OGQL ZDWBGEGZDO
Masiphinde sicinge ukuba L соответствует r, A - a kwaye nangokunjalo. Kuya kuthatha imigudu embalwa, kodwa xa kuthelekiswa nohlaselo olupheleleyo lwamandla, olu hlaselo lubuyisela isicatshulwa soqobo ngephanyazo:
kukho izinto ezininzi ezulwini nasemhlabeni ngaphezu kokuba uphupha ngazo kwifilosofi yakho
Kwabanye, ukusombulula loo "cryptograms" yinto yokuzonwabisa enomdla.
Umbono wokuhlalutya rhoqo ubaluleke ngakumbi kunokuba ubonakala ekuqaleni. Kwaye isebenza kwii-ciphers ezintsonkothileyo ngakumbi. Ukutyhubela imbali, uyilo olwahlukeneyo lwe-cipher luye lwazama ukuchasana nohlaselo olunjalo kusetyenziswa "i-polyalphabetic substitution". Apha, ngexesha lenkqubo ye-encryption, itafile yokutshintshwa kweleta iguqulwa ngeendlela ezinzima kodwa eziqikelelwayo ezixhomekeke kwisitshixo. Zonke ezi ciphers zazijongwa kunzima ukuziqhawula ngaxeshanye; kwaye uphononongo oluthobekileyo lwamaza ekugqibeleni lwaboyisa bonke.
Eyona bhongo i-polyalphabetic cipher kwimbali, kwaye mhlawumbi eyona idumileyo, yayiyi-Enigma cipher yeMfazwe yesibini yeHlabathi. Yayintsokothile xa ithelekiswa neyandulelayo, kodwa emva kokusebenza nzima, i-cryptanalysts yaseBritane bayiqhekezile besebenzisa uhlalutyo lokuphindaphinda. Kakade ke, abakwazanga ukwenza uhlaselo oluhle olufana nolu luboniswe ngasentla; kwakufuneka bathelekise izibini ezaziwayo zombhalo ocacileyo kunye ne-ciphertext (ebizwa ngokuba "yi-plaintext attack"), bade baxhokonxe abasebenzisi be-Enigma ukuba bafihle imiyalezo ethile kwaye bahlalutye isiphumo ("uhlaselo olucacileyo olukhethiweyo"). Kodwa oku akuzange kuyenze ibe lula isiphelo semikhosi yotshaba eyoyisiweyo kunye neenkwili ezintywilayo.
Emva kolu loyiso, uhlalutyo oluphindaphindiweyo lwanyamalala kwimbali ye-cryptanalysis. Ii-ciphers kule mihla yedijithali ziyilelwe ukusebenza ngamasuntswana, hayi oonobumba. Okubaluleke ngakumbi, ezi zi-ciphers zenzelwe ukuqonda okumnyama kwento eyathi kamva yaziwa ngokuba : Nabani na unokwenza i-algorithm yokubethela abangenako ukuyiphula ngokwabo. Akwanelanga inkqubo yoguqulelo oluntsonkothileyo kwabonakala Kunzima: ukubonakalisa ukubaluleka kwayo, kufuneka kuhlaziywe ngokhuseleko olungenalusini ngabaninzi be-cryptanalysts abaya kwenza konke okusemandleni abo ukuqhekeza i-cipher.
Ubalo lokuqala
Masithathe isixeko esicingelwayo se-Precom Heights, abantu abangama-200. Indlu nganye esixekweni inomndilili wezinto zexabiso ezixabisa i-$000, kodwa akukho ngaphezu kwe-$30 yezinto zexabiso. Imarike yokhuseleko e-Precom ilawulwa yi-ACME Industries, evelisa izitshixo zamacango zaseCoyote™. Ngokutsho kohlalutyo lweengcali, i-lock yeklasi ye-Coyote inokwaphulwa kuphela ngumatshini oqikelelwayo onzima kakhulu, ukuyilwa kwayo kuya kufuna malunga neminyaka emihlanu kunye ne-$ 000 yotyalo-mali. Ngaba isixeko sikhuselekile?
Ngokunokwenzeka hayi. Ekugqibeleni, kuya kuvela isaphuli-mthetho esinamabhongo. Uya kuqiqa ngolu hlobo: “Ewe, ndiya kuhlawula iindleko ezinkulu. Iminyaka emihlanu yokulinda isigulana, kunye ne-$50. Kodwa xa ndigqibile, ndiza kuba nokufikelela bonke ubutyebi balo mzi. Ukuba ndidlala kakuhle amakhadi am, olu tyalo-mali luya kuzihlawulela amaxesha amaninzi.”
Kukwanjalo nakwi-cryptography. Uhlaselo oluchasene ne-cipher ethile luxhomekeke kuhlalutyo olungenanceba lweendleko-inzuzo. Ukuba umlinganiselo ulungile, uhlaselo aluyi kwenzeka. Kodwa uhlaselo olusebenza ngokuchasene namaxhoba amaninzi anokubakho ngaxeshanye phantse luhlala luhlawula, apho eyona ndlela yoyilo loyilo kukucinga ukuba baqale kusuku lokuqala. Into esinayo ngokusisiseko inguqulelo ye-cryptographic yoMthetho kaMurphy: "Nantoni na enokwaphula inkqubo iya kwaphula inkqubo."
Owona mzekelo ulula we-cryptosystem esemngciphekweni wohlaselo lwe-precomputation yi-cipher engapheliyo-keyless. Oku kwaba njalo , ethi itshintshe ngokulula unobumba ngamnye wealfabhethi oonobumba abathathu phambili (itheyibhile ijikeleziwe, ngoko unobumba wokugqibela kwialfabhethi ufihliwe okwesithathu). Apha kwakhona umgaqo we-Kerchhoffs uyaqala ukusebenza: nje ukuba inkqubo iqhekeziwe, iqhekezwa ngonaphakade.
Ingcamango ilula. Nokuba umphuhlisi we-cryptosystem we-novice uya kuqaphela isoyikiso kwaye alungiselele ngokufanelekileyo. Ukujonga ukuvela kwe-cryptography, uhlaselo olunjalo lwalungafanelekanga kuninzi lwe-ciphers, ukusuka kwiinguqulelo zokuqala eziphuculweyo ze-Caesar cipher de kube kwehla kwe-polyalphabetic ciphers. Uhlaselo olunjalo lwabuya kuphela ekufikeni kwexesha langoku le-cryptography.
Le mbuyekezo ibangelwa yimiba emibini. Okokuqala, i-cryptosystems entsonkothileyo ngokwaneleyo ekugqibeleni yavela, apho ukuxhaphazwa okunokwenzeka emva kokugqekeza kwakungabonakali. Okwesibini, i-cryptography yanda kakhulu kangangokuba izigidi zabantu zenza izigqibo mihla le malunga nokuba zeziphi iindawo zokuphinda zisetyenziswe kwakhona. Kwathatha ixesha ngaphambi kokuba iingcali ziqaphele umngcipheko kwaye ziphakamise i-alamu.
Khumbula uhlaselo lwe-precomputation: ekupheleni kwenqaku siza kujonga imizekelo emibini yenyani ye-cryptographic apho idlale indima ebalulekileyo.
Ukutolika
Nanku umcuphi odumileyo uSherlock Holmes, esenza uhlaselo kuGqr. Watson.
Ngoko nangoko ndaqikelela ukuba uvela e-Afghanistan... Uloliwe wam wengcinga waba ngolu hlobo lulandelayo: “Le ndoda ingugqirha ngokohlobo oluthile, kodwa inomsebenzi wasemkhosini. Ngoko ke, ugqirha wasemkhosini. Usanda kufika evela kwiindawo ezitshatyalaliswayo - ubuso bakhe bubumnyama, kodwa oku akusiyo umthunzi wendalo wesikhumba sakhe, ekubeni izihlahla zakhe zimhlophe kakhulu. Ubuso bakhe bubomvu—ngokucacileyo, uye wabandezeleka kakhulu yaye ukhathazwa kukugula. Wonzakele kwisandla sakhe sasekhohlo - usibambe singashukumi kwaye kancinci ngokungekho ngokwemvelo. Kuphi kweleenjiko ugqirha womkhosi wamaNgesi anokunyamezela ubunzima aze enzekala? Ewe kunjalo, eAfghanistan. " Uloliwe wonke wengcinga awuzange uthabathe nomzuzwana. Kwaye ke ndathi uvela e-Afghanistan, kwaye wothuka.
UHolmes unokukhupha ulwazi oluncinci kakhulu kwisiqwenga ngasinye sobungqina. Wayenokufikelela kwisigqibo sakhe kuphela ngokuziqwalasela zonke kunye. Uhlaselo lwe-interpolation lusebenza ngokufanayo ngokuphonononga umbhalo ocacileyo owaziwayo kunye nezibini ze-ciphertext eziphuma kwiqhosha elifanayo. Ukusuka kwisibini ngasinye, ukuqwalaselwa komntu ngamnye kukhutshwa okuvumela ukuba kugqitywe ngokubanzi malunga nesitshixo esiza kutsalwa. Zonke ezi zigqibo azicacanga kwaye zibonakala zingenamsebenzi de ngequbuliso zifikelele kubunzima obunzima kwaye zikhokelela kwisigqibo esinokwenzeka: nokuba ingakholeleki kangakanani, kufuneka ibe yinyani. Emva koku, nokuba kutyhilwe isitshixo, okanye inkqubo yokuguqulelwa kwentsonkotha iyacocwa kangangokuba inokuphinda iphindwe.
Masibonise ngomzekelo olula ukuba uguqulelo lusebenza njani. Masithi sifuna ukufunda idayari yotshaba lwethu, uBob. Ubhala zonke iinombolo kwidayari yakhe esebenzisa i-cryptosystem elula awayifundayo kwintengiso kwiphephancwadi elithi "A Mock of Cryptography." Inkqubo isebenza ngolu hlobo: UBob ukhetha amanani amabini awathandayo: и . Ukusukela ngoku ukuya phambili, ukufihla naliphi na inani , iyabala . Umzekelo, ukuba uBob ukhethe и , emva koko inani izakuguqulelwa ngokuntsonkothileyo njenge .
Masithi nge-28 kaDisemba saqaphela ukuba uBob wayekrwela into kwidayari yakhe. Xa egqibile, siya kuyithabatha ngokuzolileyo kwaye sibukele ingeniso yokugqibela:
Umhla:
235/520Molo Dayari,
Namhlanje bekumnandi. Ngokusebenzisa
64namhlanje ndino Date no Alisa ohlala eflethini843. Ndicinga ukuba unokuba nguye26!
Kuba sizimisele kakhulu ngokulandela uBob ngomhla wakhe (sobabini si-15 kule meko), kubalulekile ukwazi umhla kunye nedilesi ka-Alice. Ngethamsanqa, siqaphela ukuba i-cryptosystem kaBob isesichengeni sohlaselo lokungenelela. Sisenokuba asazi и , kodwa siyawazi umhla wanamhlanje, ngoko sinezibini ezibini zombhalo ocacileyo. Oko kukuthi, siyayazi loo nto iguqulelwe ngokuntsonkothileyo ngaphakathi , kwaye - ngaphakathi . Nantsi into esiza kuyibhala phantsi:
Ekubeni sineminyaka eyi-15 ubudala, sele sisazi malunga nenkqubo yee-equations ezimbini kunye nezinto ezimbini ezingaziwayo, kule meko ngokwaneleyo ukufumana и ngaphandle kweengxaki. Isiqendu ngasinye sombhalo ocacileyo-ciphertext sibeka umqobo kwisitshixo sikaBob, kwaye imiqobo emibini kunye yanele ukubuyisela ngokupheleleyo isitshixo. Kumzekelo wethu impendulo ithi и (kwe , ke 26 kwidayari ihambelana negama elithi 'enye', oko kukuthi, "efanayo" - malunga. indlela).
Kakade ke, uhlaselo lwe-interpolation aluphelelanga nje kwimizekelo elula ngolo hlobo. Yonke i-cryptosystem enciphisa into eqondwa kakuhle yemathematika kunye noluhlu lweparameters lusengozini yokuhlaselwa kwe-interpolation-into eqondakalayo ngakumbi, ingozi enkulu.
Abantu abafikayo badla ngokukhalaza ngelithi i-cryptography “bubugcisa bokuyila izinto zibe mbi kangangoko kunokwenzeka.” Ukuhlaselwa kwe-interpolation mhlawumbi kubangelwa ubukhulu becala. UBob unokusebenzisa uyilo oluhle lwemathematika okanye agcine umhla wakhe noAlice ngasese-kodwa yeha, awunakukwazi ukuba nazo zombini iindlela. Oku kuya kucaca ngokucacileyo xa ekugqibeleni sifika kwisihloko se-cryptography yesitshixo sikawonkewonke.
Iprothokholi yoMnqamlezo/ukwehlisa umgangatho
Kungoku Undibona (ngo-2013), iqela labantu abanganyanisekanga lizama ukurhwaphiliza isikhulu se-inshurensi esirhwaphilizayo u-Arthur Tressler ukuba akhuphe ubutyebi bakhe bonke. Ukufumana ukufikelela kwi-akhawunti yebhanki ka-Arthur, abakhohlisayo kufuneka banike igama lomsebenzisi kunye negama lokugqitha okanye bamnyanzele ukuba avele ngokwakhe ebhankini kwaye athathe inxaxheba kwisikimu.
Zombini iinketho zinzima kakhulu; Abafana basetyenziselwa ukwenza eqongeni, kwaye bangathathi nxaxheba kwimisebenzi yengqondo. Ngoko bakhetha ukhetho lwesithathu olunokwenzeka: iqabane labo libiza ibhanki kwaye lizenza ngathi ngu-Arthur. Ibhanki ibuza imibuzo emininzi ukuqinisekisa ukuba ngubani, njengegama likamalume kunye negama lesilwanyana sokuqala; amaqhawe ethu kwangaphambili . Ukusukela kweli nqanaba ukuya phambili, ukhuseleko olugqwesileyo lwe-password alusenamsebenzi.
(Ngokutsho kwentsomi yasezidolophini esiye sayingqina ngokobuqu saza sayiqinisekisa, u-Criptographer uEli Beaham wakha wadibana nomthengisi wasebhankini owagxininisa ekubuzeni umbuzo wokhuseleko. Xa umxeli wabuza igama likaninakhulu ozala unina, uBeaham waqalisa ukuthetha: “I-Capital X. encinci y, ntathu ... ").
Kuyafana nakwi-cryptography, ukuba iiprothokholi ezimbini ze-cryptographic zisetyenziswa ngokufanayo ukukhusela i-asethi efanayo, kwaye enye ibuthathaka kakhulu kunomnye. Inkqubo ephumayo iba sesichengeni kuhlaselo lweprotocol, apho iprotocol ebuthathaka ihlaselwe ukuze ifumane ibhaso ngaphandle kokuchukumisa lowo unamandla.
Kwezinye iimeko ezinzima, akwanele ukuba uqhagamshelane nje nomncedisi usebenzisa iprotocol ebuthathaka, kodwa ifuna ukuthatha inxaxheba okungafunekiyo komxhasi osemthethweni. Oku kunokucwangciswa kusetyenziswa into ebizwa ngokuba yi-downgrade attack. Ukuqonda olu hlaselo, makhe sicinge ukuba abakhohlisi bethu banomsebenzi onzima ngakumbi kunakwifilimu. Makhe sicinge ukuba umsebenzi wasebhankini (ophethe imali) kunye no-Arthur baye badibana neemeko ezingalindelekanga, ezibangele le ngxoxo ilandelayo:
Umqhathi: Mholo? Lo ngu-Arthur Tressler. Ndingathanda ukuseta ngokutsha igama lam lokugqithisa.
Umgcini-mali: Kakhulu. Nceda ujonge incwadi yakho yemfihlo yobuqu, iphepha 28, igama 3. Yonke imiyalezo elandelayo iya kufihlwa kusetyenziswa eli gama likhethekileyo njengeqhosha. PQJGH. I-LOTJNAM PGGY MXVRL ZZLQ SRIU HHNMLPPPV...
Umqhathi: Heyi, yima, yima. Ngaba oku kuyimfuneko ngokwenene? Ngaba asinakuthetha nje njengabantu abaqhelekileyo?
Umgcini-mali: Andikukhuthazi ukwenza oku.
Umqhathi: Ndivele...jonga, bendinemini ebuhlungu, kulungile? Ndingumxhasi weVIP kwaye andikho semoyeni wokugrumba ezi ncwadi zekhowudi zobudenge.
Umgcini-mali: Kulungile. Ukuba uyanyanzelisa, Mnu. Tressler. Ingaba ufuna ntoni?
Umqhathi: Nceda, ndingathanda ukunikela ngayo yonke imali yam kwi-Arthur Tressler National Victims Fund.
(Misa).
Umgcini-mali: Icacile ngoku. Nceda unikeze i-PIN yakho kwiintengiselwano ezinkulu.
Umqhathi: Yintoni yam?
Umgcini-mali: Ngokwesicelo sakho sobuqu, utshintshiselwano ngolu hlobo lufuna i-PIN yeetransekshini ezinkulu. Le khowudi uyinikwe xa wawuvula iakhawunti yakho.
Umqhathi:... Ndiphulukene nayo. Ngaba oku kuyimfuneko ngokwenene? Ngaba awukwazi ukuvuma isivumelwano?
Umgcini-mali: Hayi. Uxolo, Mnu. Tressler. Kwakhona, lo ngumlinganiselo wokhuseleko owucelileyo. Ukuba uyafuna, singakuthumela ikhowudi entsha ye-PIN kwibhokisi yakho yeposi.
Amaqhawe ethu ahlehlisa utyando. Bamamela uninzi lwentengiselwano ezinkulu zikaTressler, benethemba lokuva i-PIN; kodwa ngalo lonke ixesha incoko ijika ibe yi-coded gibberish phambi kokuba kuthethwe nantoni na enika umdla. Ekugqibeleni, ngenye imini entle, isicwangciso siyasetyenziswa. Balinda ngomonde ixesha apho uTressler kufuneka enze intengiselwano enkulu ngefowuni, afike emgceni, emva koko...
Tressler: Mholo. Ndingathanda ukugqiba intengiselwano ekude, nceda.
Umgcini-mali: Kakhulu. Nceda ujonge incwadi yakho yekhowudi eyimfihlo, iphepha...
(Isela licofa iqhosha; ilizwi le-cashier lijika libe yingxolo engaqondakaliyo).
Umgcini-mali: - #@$#@$#*@$$@#* iya kuguqulelwa ngokuntsonkothileyo ngeli gama njengesitshixo. AAAYRR PLRQRZ MMNJK LOJBAN...
Tressler: Uxolo, khange ndiqonde ncam. Kwakhona? Kweliphi iphepha? Liliphi igama?
Umgcini-mali: Eli liphepha @#$@#*$)#*#@()#@$(#@*$(#@*.
Tressler: Yintoni?
Umgcini-mali: Inombolo yegama engamashumi amabini @$#@$#%#$.
Tressler: Ngokunyanisekileyo! Kwanele kakade! Wena kunye neprotocol yakho yokhuseleko yintwana yesekisi. Ndiyazi ukuba ungathetha nam nje ngesiqhelo.
Umgcini-mali: andicebisi...
Tressler: Kwaye andikucebisi ukuba uchithe ixesha lam. Andifuni kuva kwakhona malunga nale nto de ulungise iingxaki ngefowuni yakho. Ngaba singayigqibezela le ndibano okanye hayi?
Umgcini-mali:… Ewe. Kulungile. Ingaba ufuna ntoni?
Tressler: Ndingathanda ukudlulisela i-$20 kwi-Lord Business Investments, inombolo ye-akhawunti...
Umgcini-mali: Umzuzu omnye, nceda. Yinto enkulu. Nceda unikeze i-PIN yakho kwiitransekshini ezinkulu.
Tressler: Intoni? Owu, ngokuchanekileyo. 1234.
Nalu uhlaselo oluhlayo. Iprotocol ebuthathaka "thetha nje ngokuthe ngqo" yayibonwa njenge ukhetho kwimeko kaxakeka. Kwaye nangoku silapha.
Usenokuzibuza ukuba ngubani osezingqondweni zabo oza kuyila eyona nkqubo “ekhuselekileyo de ibuzwe ngenye indlela” njengale ichazwe ngasentla. Kodwa kanye njengokuba ibhanki yentsomi ithatha emngciphekweni ukugcina abathengi abangathandi i-cryptography, iinkqubo ngokubanzi zihlala zitsalela kwiimfuno ezingakhathaliyo okanye ezichasene nokhuseleko.
Yile nto kanye eyenzekayo ngeSSLv2 protocol ngo-1995. Urhulumente wase-US kudala eqala ukujonga i-cryptography njengesixhobo esigcinwe kude neentshaba zangaphandle nezasekhaya. Iziqwenga zekhowudi zavunywa ngabanye ukuba zithunyelwe ngaphandle zisuka eUnited States, ngokuqhelekileyo kunye nemeko yokuba i-algorithm yenziwe buthathaka ngabom. I-Netscape, umphuhlisi wesona sikhangeli sidumileyo, i-Netscape Navigator, wanikwa imvume ye-SSLv2 kuphela ngesitshixo esisesichengeni se-512-bit RSA (kunye ne-40-bit ye-RC4).
Ekupheleni kwewaka leminyaka, imithetho yayiye yakhululeka kwaye ukufikelela kwi-encryption yanamhlanje kwafumaneka ngokubanzi. Nangona kunjalo, abathengi kunye nabancedisi baye baxhasa i-cryptography "yokuthunyelwa ngaphandle" ebuthathaka iminyaka ngenxa ye-inertia efanayo egcina inkxaso kuyo nayiphi na inkqubo yelifa. Abathengi bakholelwa ukuba banokudibana nomncedisi ongaxhasi nantoni na enye. Abancedisi benze okufanayo. Ngokuqinisekileyo, i-protocol ye-SSL iyalela ukuba abathengi kunye neeseva akufuneki basebenzise iprotocol ebuthathaka xa enye ifumaneka. Kodwa kwaesi siseko sisebenza kwiTressler kunye nebhanki yakhe.
Le ithiyori yafumana indlela yayo yohlaselo oluphezulu oluye lwashukumisa ukhuseleko lweprotocol ye-SSL ngo-2015, zombini ezifunyenwe ngabaphandi beMicrosoft kunye . Okokuqala, iinkcukacha zohlaselo lwe-FREAK zatyhilwa ngoFebruwari, zilandelwa emva kweenyanga ezintathu ngolunye uhlaselo olufanayo olubizwa ngokuba yi-Logjam, esiza kuxoxa ngalo ngokubanzi xa siqhubela phambili ekuhlaselweni kwe-cryptography engundoqo yoluntu.
Ukuba sesichengeni (ekwaziwa ngokuba yi "Smack TLS") yavela yacaca xa abaphandi babehlalutya uphunyezo lomxumi we-TLS/umncedisi kwaye bafumanisa ibug enomdla. Kolu phunyezo, ukuba umxhasi akade acele ukusebenzisa i-cryptography ebuthathaka yokuthumela ngaphandle, kodwa umncedisi usaphendula ngezitshixo ezinjalo, umxhasi uthi "Owu kulungile" kwaye utshintshele kwi-cipher suite ebuthathaka.
Ngelo xesha, i-cryptography yokuthumela ngaphandle yayijongwa ngokubanzi njengento ephelelwe yisikhathi kwaye ivaliwe, ngoko ke uhlaselo lweza njengomothuko olupheleleyo kwaye lwachaphazela imimandla emininzi ebalulekileyo, kuquka i-White House, i-IRS, kunye neendawo ze-NSA. Okubi nangakumbi, kwavela ukuba uninzi lweeseva ezisesichengeni beziphucula ukusebenza ngokuphinda zisebenzise izitshixo ezifanayo endaweni yokuvelisa amatsha kwiseshoni nganye. Oku kwenza ukuba, emva kokuthotywa kweprotocol, ukuphumeza uhlaselo lwangaphambi kokubala: ukukrazula isitshixo esinye sahlala sibiza kakhulu (i-$ 100 kunye neeyure ze-12 ngexesha lokupapashwa), kodwa iindleko ezisebenzayo zokuhlasela uxhulumaniso zancitshiswa kakhulu. Kwanele ukuqikelela iqhosha leseva kube kanye kwaye uqhekeze uguqulelo oluntsonkothileyo kulo lonke uqhagamshelo olulandelayo ukusuka kulo mzuzu ukuya phambili.
Kwaye ngaphambi kokuba siqhubele phambili, kukho uhlaselo oluphambili olufuna ukukhankanywa...
Uhlaselo lweOracle
owaziwa kakhulu ngokuba nguyise we-cross-platform ye-crypto yemiyalezo ye-app Signal; kodwa thina ngokobuqu siyayithanda enye yeendlela zakhe ezintsha ezingaziwayo: (Umgaqo weDoom weCriptographic). Ukucacisa kancinci, sinokuthi: "Ukuba iprotocol iyasebenza nayiphi na yenza umsebenzi we-cryptographic kumyalezo ovela kumthombo onobungozi kwaye uziphatha ngendlela eyahlukileyo ngokuxhomekeke kwisiphumo, ugwetyiwe." Okanye ngendlela ebukhali: "Musa ukuthatha ulwazi oluvela kutshaba ukuze lusetyenzwe, kwaye ukuba kuya kufuneka, ke ungabonisi siphumo."
Masiyishiye ecaleni isithinteli sokuphuphuma, isitofu somyalelo, nokunye okunjalo; bangaphaya kwemida yale ngxoxo. Ukwaphulwa komgaqo-nkqubo we-doom kukhokelela kwi-cryptography hacks enzulu ngenxa yokuba iprotocol iziphatha kanye njengoko kulindelekile.
Njengomzekelo, makhe sithathe uyilo olungeyonyani kunye ne-cipher endaweni esengozini, kwaye emva koko sibonise uhlaselo olunokwenzeka. Nangona sele sibonile ukuhlaselwa kwi-substitution cipher usebenzisa uhlalutyo lwamaxesha amaninzi, akukhona nje "enye indlela yokuqhawula i-cipher efanayo." Ngokwahlukileyo, ukuhlaselwa kwe-oracle yinto eqanjiweyo yanamhlanje esebenza kwiimeko ezininzi apho uhlalutyo lwama-frequency lusilela, kwaye siya kubona umboniso wale nto kwicandelo elilandelayo. Apha i-cipher elula ikhethwa kuphela ukwenza umzekelo ucace ngakumbi.
Ngoko u-Alice noBob bayanxibelelana besebenzisa i-cipher elula yokutshintsha besebenzisa isitshixo esaziwa ngabo kuphela. Bangqongqo kakhulu malunga nobude bemiyalezo: inoonobumba abangama-20 kanye ubude. Ke bavumile ukuba umntu ufuna ukuthumela umyalezo omfutshane, kufuneka bongeze iteksti eyidummy ekupheleni komyalezo ukuze ube ngoonobumba abangama-20 kanye. Emva kwengxoxo ethile, bagqiba kwelokuba baza kwamkela ezi zibhalo zilandelayo: a, bb, ccc, dddd njl
Xa uAlice okanye uBob efumana umyalezo, baqale bajonge ukuba umyalezo ububude obuchanekileyo (oonobumba abangama-20) nokuba isimamva sisicatshulwa esichanekileyo. Ukuba oku akunjalo, ngoko baphendula ngomyalezo wephutha ofanelekileyo. Ukuba ubude bombhalo kunye nokubhaliweyo okufihlakeleyo kulungile, umamkeli ufunda umyalezo ngokwawo kwaye athumele impendulo entsonkothileyo.
Ngexesha lohlaselo, umhlaseli uzenza uBob kwaye athumele imiyalezo yobuxoki kuAlice. Imiyalezo ibubudenge obupheleleyo - umhlaseli akanaso isitshixo kwaye ke akanakuqamba umyalezo onentsingiselo. Kodwa ekubeni iprotocol yaphula umgaqo wedoom, umhlaseli usenomgibe u-Alice aveze ulwazi oluphambili, njengoko kubonisiwe ngezantsi.
Umqhathi:
PREWF ZHJKL MMMN. LAUAlice: Umbhalo ongekho mthethweni.
Umqhathi:
PREWF ZHJKL MMMN. LBUAlice: Umbhalo ongekho mthethweni.
Umqhathi:
PREWF ZHJKL MMMN. LCUAlice:
ILCT? TLCT RUWO PUT KCAW CPS OWPOW!
Umqhekezi akanalo nofifi lokuba uAlice utheni, kodwa uyaqaphela ukuba isimboli C kufuneka zihambelane a, ekubeni u-Alice wamkela isicatshulwa se-dummy.
Umqhathi:
REWF ZHJKL MMMN. LAAUAlice: Umbhalo ongekho mthethweni.
Umqhathi:
REWF ZHJKL MMMN. LBBUAlice: Umbhalo ongekho mthethweni.
Emva kwemizamo emininzi...
Umqhathi:
REWF ZHJKL MMMN. LGGUAlice: Umbhalo ongekho mthethweni.
Umqhathi:
REWF ZHJKL MMMN. LHHUAlice:
TLQO JWCRO FQAW SUY LCR C OWQXYJW. IW PWWR TU TCFA CHUYT TLQO JWFCTQUPOLQZ.
Kwakhona, umhlaseli akanalo nofifi lokuba u-Alice utheni, kodwa uyaqaphela ukuba u-H kufuneka atshatise u-b okoko u-Alice esamkele isicatshulwa esiyidummy.
Kwaye njalo de umhlaseli uyazi intsingiselo yomlinganiswa ngamnye.
Ekuboneni kokuqala, le ndlela ifana nohlaselo olucacileyo olukhethiweyo. Ekugqibeleni, umhlaseli ukhetha i-ciphertexts, kwaye umncedisi uyaziqhuba ngokuthobela. Umahluko ophambili owenza ukuba olu hlaselo lusebenze kwihlabathi lenene kukuba umhlaseli akafuni ukufikelela kwi-transcript yangempela-impendulo yomncedisi, nokuba enye ingenacala njenge "isicatshulwa esingavumelekanga," yanele.
Ngelixa olu hlaselo luthile luyafundisa, musa ukuxhonywa kakhulu kwiinkcukacha zenkqubo ye "dummy text", i-cryptosystem ethile esetyenzisiweyo, okanye ulandelelwano oluchanekileyo lwemiyalezo ethunyelwe ngumhlaseli. Ingcamango esisiseko yindlela u-Alice asabela ngayo ngokwahlukileyo ngokusekelwe kwiipropati zombhalo ocacileyo, kwaye wenza njalo ngaphandle kokuqinisekisa ukuba i-ciphertext ehambelanayo ngokwenene ivela kwiqela elithembekileyo. Ke, uAlice uvumela umhlaseli ukuba acudise ulwazi oluyimfihlo kwiimpendulo zakhe.
Kuninzi okunokutshintshwa kule meko. Iisimboli u-Alice asabela kuzo, okanye owona mahluko kwindlela aziphatha ngayo, okanye nakwi-cryptosystem esetyenziswayo. Kodwa umgaqo uya kuhlala ufana, kwaye uhlaselo lulonke luya kuhlala lusebenza ngendlela enye okanye enye. Ukuphunyezwa okusisiseko kolu hlaselo kuncede ukutyhila iibugs ezininzi zokhuseleko, esiza kuzijonga kungekudala; kodwa kuqala kukho izifundo ezithile zethiyori ekufuneka zifundwe. Uyisebenzisa njani le "iskripthi sika-Alice" esiyintsomi kuhlaselo olunokusebenza kwi-cipher yokwenyani yanamhlanje? Ngaba oku kunokwenzeka, nangokwengcamango?
Ngowe-1998, umbhali waseSwitzerland uDaniel Bleichenbacher waphendula lo mbuzo ngokuvumayo. Wabonisa uhlaselo lwe-oracle kwi-cryptosystem ye-cryptosystem esetyenziswa ngokubanzi yoluntu, esebenzisa isikimu somyalezo othile. Kolunye uphumezo lweRSA, umncedisi uphendula ngemiyalezo yemposiso eyahlukileyo ngokuxhomekeke ekubeni umbhalo ongenanto uhambelana nenkqubo okanye hayi; oku kwanele ukwenza uhlaselo.
Kwiminyaka emine kamva, ngo-2002, i-cryptographer yesiFrentshi uSerge Vaudenay wabonisa uhlaselo lwe-oracle oluphantse lufane nolo luchazwe kwi-Alice scenario ngasentla - ngaphandle kokuba endaweni ye-fictitious cipher, waqhekeza udidi oluhloniphekileyo lwee-ciphers zanamhlanje ezisetyenziswa ngabantu. Ngokukodwa, uhlaselo lukaVaudenay lujolise kwi-fixed input size ciphers ("block ciphers") xa zisetyenziswa kwinto ebizwa ngokuba yi "CBC encryption mode" kunye neskimu esithile esithandwayo se-padding, ngokusisiseko silingana naleyo ikwimeko ka-Alice.
Kwakhona kwi-2002, i-cryptographer yaseMelika uJohn Kelsey wabhala ngokubambisana -Icebise ngohlaselo olwahlukeneyo lwe-oracle kwiinkqubo ezicinezela imiyalezo kwaye emva koko bayifihle. Eyona nto iphawuleka ngakumbi phakathi kwezi yayiluhlaselo olwathabatha ithuba lokuba ngokufuthi kunokwenzeka ukuthelekelela ubude besicatshulwa santlandlolo ukusuka kubude besicatshulwa. Ngokwethiyori, oku kuvumela uhlaselo lwe-oracle olufumana iinxalenye zombhalo ocacileyo wokuqala.
Ngezantsi sinika inkcazo ecacileyo yokuhlaselwa kweVaudenay kunye noKelsey (siya kunika inkcazo ecacileyo yokuhlaselwa kweBleichenbacher xa siqhubela phambili ekuhlaselweni kwe-cryptography engundoqo yoluntu). Nangona sizama kangangoko, isicatshulwa siba nobuchwephesha noko; ke ukuba oku kungentla kwanele kuwe, tsiba amacandelo amabini alandelayo.
Ukuhlaselwa kukaVodene
Ukuqonda uhlaselo lweVaudenay, okokuqala kufuneka sithethe kancinci malunga neebhloko ze-ciphers kunye neendlela zokufihla. "I-block cipher", njengoko kukhankanyiwe, i-cipher ethatha isitshixo kunye negalelo lobude obusisigxina ("ubude bebhloko") kwaye ivelise ibhloko efihliweyo yobude obufanayo. Iibhloko ze-ciphers zisetyenziswa kakhulu kwaye zithathwa njengezikhuselekileyo. I-DES ngoku esele isidla umhlala-phantsi, ethathwa njengeyokuqala i-cipher yale mihla, yayiyibhloko ye-cipher. Njengoko kukhankanyiwe ngasentla, kuyafana nakwi-AES, esetyenziswa ngokubanzi namhlanje.
Ngelishwa, iibhloko ze-ciphers zinobuthathaka obuthile. Ubungakanani bebhloko obuqhelekileyo bungamabhithi angama-128, okanye abalinganiswa abali-16. Ngokucacileyo, i-cryptography yanamhlanje ifuna ukusebenza ngedatha enkulu yokufaka, kwaye kulapho iindlela zokufihlakala zingena khona. Imowudi yoguqulelo oluntsonkothileyo luqhekezo: yindlela ethile yokufaka ibhloko ye-cipher eyamkela kuphela igalelo lobungakanani obuthile kwigalelo lobude obungenasizathu.
Uhlaselo lukaVodene lugxile kwi-CBC eyaziwayo (i-Cipher Block Chaining) indlela yokusebenza. Uhlaselo luphatha i-cipher yebhloko engaphantsi njengomlingo, ibhokisi emnyama engenakuchukunyiswa kwaye iludlula ngokupheleleyo ukhuseleko lwayo.
Nanku umzobo obonisa indlela esebenza ngayo imo ye-CBC:
Ukudibanisa okusangqa kubonisa ukusebenza kwe-XOR (okukodwa OKANYE). Umzekelo, ibhloko yesibini ye-ciphertext ifunyenwe:
- Ngokwenza umsebenzi we-XOR kwibhloko yombhalo ongenanto wesibini ngebhloko yokuqala ye-ciphertext.
- Uguqulela ngokuntsonkothileyo ibhloko enesiphumo ngebhloko ye-cipher usebenzisa isitshixo.
Kuba i-CBC yenza usebenziso olunzima kangako lwe-XOR yokubini, masithathe umzuzwana sikhumbule ezinye zeepropathi zayo:
- Ubungenamandla:
- Utshintsho:
- Unxulumano:
- Ukuzibuyisela umva:
- Ukubalwa kwe-byte: byte n ye = (byte n ye ) (byte n ye )
Ngokwesiqhelo, ezi zakhiwo zithetha ukuba ukuba sineequation ebandakanya imisebenzi ye-XOR kunye nenye engaziwayo, inokusombulula. Umzekelo, ukuba siyayazi loo nto kunye nongaziwayo nodumileyo и , ngoko ke sinokuthembela kwiipropati ezikhankanywe ngasentla ukusombulula inxaki . Ngokusebenzisa i-XOR kumacala omabini enxaki nge , sifumana . Konke oku kuya kuba yimfuneko kakhulu ngephanyazo.
Kukho iiyantlukwano ezimbini ezincinci kunye nomohluko omnye omkhulu phakathi kwemeko yethu ka-Alice kunye nohlaselo lukaVaudenay. Ababini abancinci:
- Kwiskripthi, u-Alice wayelindele ukuba imibhalo ecacileyo iphele kunye nabalinganiswa
a,bb,ccckwaye nangokunjalo. Kuhlaselo lwe-Wodene, ixhoba endaweni yoko lilindele ukuba i-plaintexts iphele ngamaxesha e-N kunye ne-N byte (oko kukuthi, i-hexadecimal 01 okanye i-02 02, okanye i-03 03 03, njalo njalo). Lo ngumahluko wokuthambisa kuphela. - Kwimeko ka-Alice, kwakulula ukuxelela ukuba u-Alice uwamkele umyalezo ngempendulo ethi "Isicatshulwa esingalunganga." Ekuhlaselweni kweVodene, uhlalutyo olongezelelweyo luyafuneka kwaye ukuphunyezwa ngokuchanekileyo kwicala lexhoba kubalulekile; kodwa ngenxa yobufutshane, masiyithathe njengento yokuba olu hlalutyo lusenokwenzeka.
Umahluko ophambili:
- Ekubeni singasebenzisi i-cryptosystem efanayo, ubudlelwane phakathi komhlaseli olawulwa yi-ciphertext bytes kunye neemfihlo (isitshixo kunye nesicatshulwa esicacileyo) ngokuqinisekileyo kuya kwahluka. Ngoko ke, umhlaseli uya kufuneka asebenzise isicwangciso esahlukileyo xa edala i-ciphertexts kunye nokutolika iimpendulo zeseva.
Lo mahluko mkhulu liqhekeza lokugqibela lephazili ukuqonda uhlaselo lweVaudenay, ke masicinge okomzuzwana malunga nokuba kutheni kwaye uhlaselo lwe-oracle kwi-CBC lunokwenzeka njani.
Masithi sinikwe i-CBC ciphertext yeebhloko ezingama-247, kwaye sifuna ukuyicima. Sinokuthumela imiyalezo engeyonyani kwiseva, kanye njengokuba sinokuthumela imiyalezo engeyonyani kuAlice ngaphambili. Umncedisi uya kucima imiyalezo yethu, kodwa akayi kubonisa ukuguqulelwa kwekhowudi - endaweni yoko, kwakhona, njengo-Alice, umncedisi uya kunika ingxelo enye kuphela yolwazi: nokuba umbhalo ocacileyo une-padding esebenzayo okanye hayi.
Cinga ukuba kwimeko ka-Alice sasinobudlelwane obulandelayo:
$$display$$text{SIMPLE_SUBSTITUTION}(okubhaliweyo{ciphertext},text{isitshixo}) = okubhaliweyo{plain}$$display$$
Masiyibize le "equation ka-Alice." Besilawula i-ciphertext; umncedisi (uAlice) ukhuphe ulwazi olungacacanga malunga nesicatshulwa esifunyenweyo; kwaye oku kusivumele ukuba sifumane ulwazi malunga nento yokugqibela - isitshixo. Ngomzekeliso, ukuba sinokufumana uqhagamshelwano olunjalo lweskripthi se-CBC, singakwazi ukukhupha ulwazi oluyimfihlo apho ngokunjalo.
Ngethamsanqa, kukho ngokwenene ubudlelwane ngaphandle apho esinokulusebenzisa. Qwalasela isiphumo somnxeba wokugqibela ukucima ibhloko ye-cipher kwaye uchaze le mveliso njenge . Sikwachaza iibhloko zombhalo ocacileyo kunye neebhloko ze-ciphertext . Jonga kwakhona umzobo we-CBC kwaye uqaphele okwenzekayo:
Le nto masiyibize ngokuba yi-“CBC equation.”
Kwimeko ka-Alice, ngokubeka esweni i-ciphertext kunye nokubukela ukuvuza kombhalo ocacileyo ohambelanayo, sakwazi ukwenza uhlaselo oluthe lwaphinda lwafumana ikota yesithathu kwi-equation-isitshixo. Kwimeko ye-CBC, sikwabeka esweni i-ciphertext kwaye sijonge ukuvuza kolwazi kumbhalo ocacileyo ohambelana nawo. Ukuba umzekeliso ubambe, sinokufumana ulwazi malunga .
Masicinge ukuba sibuyiselwe ngokwenene , yintoni ke? Ke, ngoko singaprinta yonke ibhloko yokugqibela yesicatshulwa esicacileyo kanye (), ngokungena nje (esinayo) kunye
yamkelwe kwinxaki yeCBC.
Ngoku sinethemba malunga nesicwangciso esipheleleyo sohlaselo, lixesha lokuba sifumane iinkcukacha. Nceda unike ingqwalaselo yokuba ulwazi olucacileyo luvuzwa njani kumncedisi. Kwiscript sika-Alice, ukuvuza kwenzekile kuba uAlice angaphendula ngomyalezo ochanekileyo kuphela ukuba $inline$text{SIMPLE_SUBSTITUTION}(text{ciphertext},text{key})$inline$ iphele ngomgca. a (okanye bb, njalo njalo, kodwa amathuba okuba le miqathango iqhutywe ngengozi yayincinci kakhulu). Ngokufana ne-CBC, iseva iyayamkela i-padding ukuba kwaye kuphela ukuba Iphela ngehexadecimal 01. Ke masizame iqhinga elifanayo: ukuthumela ii-ciphertexts zobuxoki kunye namaxabiso ethu obuxoki de umncedisi wamkele ukuzaliswa.
Xa umncedisi esamkela i-padding yomnye wemiyalezo yethu yobuxoki, oko kuthetha ukuba:
Ngoku sisebenzisa ipropathi yebyte-byte XOR:
Siyazi ikota yokuqala neyesithathu. Kwaye sele sibonile ukuba oku kusivumela ukuba sifumane kwakhona ixesha eliseleyo-i-byte yokugqibela ukusuka :
Oku kukwasinika ibhayithi yokugqibela yebhloko yombhalo ongenanto wokugqibela nge-equation ye-CBC kunye nepropati ye-byte-by-byte.
Singayiyeka loo nto kwaye saneliseke kukuba siye sahlasela i-cipher eyomeleleyo. Kodwa eneneni sinokwenza okuninzi kakhulu: sinokuphinda sifumane kwakhona sonke isicatshulwa. Oku kufuna iqhinga elalingekho kwiskripthi sokuqala sika-Alice kwaye akufuneki kuhlaselo lwe-oracle, kodwa kusafanele kufundwe.
Ukuyiqonda, okokuqala qaphela ukuba isiphumo sokukhupha ixabiso elichanekileyo le-byte yokugqibela sinesakhono esitsha. Ngoku, xa sibumba i-ciphertexts, singakwazi ukusebenzisa i-byte yokugqibela yombhalo ocacileyo ohambelana nawo. Kwakhona, oku kunxulumene nenxaki ye-CBC kunye nepropati ye-byte-byte:
Ekubeni ngoku silazi ixesha lesibini, sinokusebenzisa ulawulo lwethu phezu kweyokuqala ukulawula eyesithathu. Sibala nje:
Asikwazanga ukwenza oku ngaphambili kuba besingekabinayo i-byte yokugqibela .
Kuya kusinceda njani oku? Masithi ngoku sidala yonke i-ciphertexts kangangokuba kwi-plaintexts i-byte yokugqibela ilingana 02. Umncedisi ngoku wamkela ukhuko kuphela ukuba okubhaliweyo okungenanto kuphela 02 02. Ekubeni silungise i-byte yokugqibela, oku kuya kwenzeka kuphela ukuba i-byte ye-penultimate ye-plaintext ikwangu-02. Ngeli xesha sifumana:
Kwaye sibuyisela i-byte ye-penultimate njengokuba wabuyiselwayo wokugqibela. Siqhubeka ngomoya ofanayo: silungisa iibytes ezimbini zokugqibela zesicatshulwa esicacileyo 03 03, siphinda olu hlaselo lwe-byte yesithathu ukusuka ekupheleni njalo njalo, ekugqibeleni ukubuyisela ngokupheleleyo .
Kuthekani ngesinye isicatshulwa? Nceda uqaphele ukuba ixabiso ngenene yi-$inline$text{BLOCK_DECRYPT}(okubhaliweyo{isitshixo},C_{247})$inline$. Sinokubeka nayiphi na enye ibhloko endaweni yoko , kwaye uhlaselo luya kuphumelela. Enyanisweni, sinokucela umncedisi ukuba enze i-$inline$text{BLOCK_DECRYPT}$inline$ kuyo nayiphi na idatha. Okwangoku, umdlalo uphelile - singakwazi ukuguqulela nayiphi na i-ciphertext (thatha enye ukujonga kwi-CBC decryption diagram ukubona oku; kwaye uqaphele ukuba i-IV isesidlangalaleni).
Le ndlela ikhethekileyo idlala indima ebalulekileyo kuhlaselo lwe-oracle esiza kuhlangana nayo kamva.
Uhlaselo lukaKelsey
I-congenial yethu uJohn Kelsey wandlala imigaqo ephantsi kohlaselo oluninzi olunokwenzeka, hayi nje iinkcukacha zohlaselo oluthile kwi-cipher ethile. Yakhe luphononongo lohlaselo olunokwenzeka kwidatha ecinezelweyo efihliweyo. Ngaba ucinga ukuba ulwazi lokuba idatha yaxinzelelwa phambi koguqulelo oluntsonkothileyo yayinganelanga ukwenza uhlaselo? Kuvela ukuba kwanele.
Esi siphumo esimangalisayo sibangelwa yimigaqo emibini. Okokuqala, kukho unxulumano olukhulu phakathi kobude besicatshulwa nobude besicatshulwa; kuba ii-ciphers ezininzi ziqinisekisa ukulingana. Okwesibini, xa ucinezelo lwenziwa, kukho ulungelelwaniso oluqinileyo phakathi kobude bomyalezo oxinanisiweyo kunye nenqanaba "lomsindo" wombhalo ocacileyo, oko kukuthi, umlinganiselo weempawu ezingaphindi (igama lobugcisa "i-entropy ephezulu" ).
Ukubona umgaqo usebenza, qwalasela imibhalo ecacileyo emibini:
Isiqendu 1:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIsiqendu 2:
ATVXCAGTRSVPTVVULSJQHGEYCMQPCRQBGCYIXCFJGJ
Masicinge ukuba yomibini imibhalo engenanto icinezelwe kwaye iguqulelwe ngokuntsonkothileyo. Ufumana iziphumo ezimbini ze-ciphertexts kwaye kufuneka uqashele ukuba yeyiphi i-ciphertext ehambelana nowuphi umbhalo ocacileyo:
Isicatshulwa 1:
PVOVEYBPJDPVANEAWVGCIUWAABCIYIKOOURMYDTAIsicatshulwa 2:
DWKJZXYU
Impendulo icacile. Phakathi kwemibhalo ecacileyo, kuphela umbhalo ocacileyo woku-1 onokucinezelwa ube ngobude obuncinane bombhalo wesibini. Siyicinge le nto ngaphandle kokwazi kwanto malunga ne-algorithm yoxinzelelo, isitshixo sokufihla, okanye i-cipher ngokwayo. Xa kuthelekiswa nohlaselo lwe-cryptographic olunokwenzeka, olu luhlobo lokuphambana.
UKelsey uhlabela mgama ebonisa ukuba phantsi kweemeko ezithile ezingaqhelekanga lo mgaqo usenokusetyenziselwa ukwenza uhlaselo lwelizwi. Ngokukodwa, ichaza indlela umhlaseli anokubuyisela ngayo okubhaliweyo okuyimfihlo ukuba unokunyanzela umncedisi ukuba afihle idatha yefom (umbhalo ocacileyo olandelwa ngu ngelixa esalawulayo kwaye ngandlela ithile ingajonga ubude besiphumo esifihliweyo.
Kwakhona, njengolunye uhlaselo lwe-oracle, sinobudlelwane:
Kwakhona, silawula ixesha elinye (), sibona ukuvuza okuncinci kolwazi malunga nelinye ilungu (i-ciphertext) kwaye uzame ukubuyisela okokugqibela (umbhalo ocacileyo). Ngaphandle komzekeliso, le yimeko engaqhelekanga xa kuthelekiswa nolunye uhlaselo lwe-oracle esilubonileyo.
Ukubonisa ukuba uhlaselo olunjalo lunokusebenza njani, masisebenzise isikimu socinezelo esiyintsomi esisandula ukuza nalo: TOYZIP. Ijonga imigca yokubhaliweyo evele ngaphambili kwisicatshulwa kwaye endaweni yayo izibambele iibyte ezintathu ezibonisa apho ungafunyanwa khona umzekelo wangaphambili womgca kwaye uvela kangaphi apho. Umzekelo, umgca helloworldhello inokucinezelwa ibe helloworld[00][00][05] I-13 bytes ubude xa kuthelekiswa ne-15 bytes yokuqala.
Masithi umhlaseli uzama ukufumana umbhalo ocacileyo wefomu password=..., apho igama lokugqithisa ngokwalo lingaziwa. Ngokwemodeli yokuhlaselwa kukaKelsey, umhlaseli unokucela umncedisi ukuba acinezele kwaye emva koko abethelele imiyalezo yefomu (umbhalo ocacileyo olandelwa ngu ), phi - isicatshulwa sasimahla. Xa umncedisi egqibile ukusebenza, uxela ubude besiphumo. Uhlaselo luhamba ngolu hlobo:
Umqhathi: Nceda ucinezele kwaye uguqulele ngokuntsonkothileyo okubhaliweyo ngaphandle kokukhuselwa.
Iseva: Ubude besiphumo 14.
Umqhathi: Nceda cinezela kwaye uguqulele ngokuntsonkothileyo umbhalo ocacileyo ohlonyelwe kuwo
password=a.Iseva: Ubude besiphumo 18.
Amanqaku e-cracker: [eyokuqala 14] + [ibhayithi ezintathu ezitshintshileyo password=] + a
Umqhathi: Nceda cinezela kwaye uguqulele ngokuntsonkothileyo umbhalo ocacileyo owongezwa kuwo
password=b.Iseva: Ubude besiphumo 18.
Umqhathi: Nceda cinezela kwaye uguqulele ngokuntsonkothileyo umbhalo ocacileyo owongezwa kuwo
password=с.Iseva: Ubude besiphumo 17.
Amanqaku e-cracker: [eyokuqala 14] + [ibhayithi ezintathu ezitshintshileyo password=c]. Oku kuthatha ukuba umbhalo ocacileyo woqobo uqulathe umtya password=c. Oko kukuthi, igama lokugqitha liqala ngonobumba c
Umqhathi: Nceda cinezela kwaye uguqulele ngokuntsonkothileyo umbhalo ocacileyo owongezwa kuwo
password=сa.Iseva: Ubude besiphumo 18.
Amanqaku e-cracker: [eyokuqala 14] + [ibhayithi ezintathu ezitshintshileyo password=с] + a
Umqhathi: Nceda cinezela kwaye uguqulele ngokuntsonkothileyo umbhalo ocacileyo owongezwa kuwo
password=сb.Iseva: Ubude besiphumo 18.
(... Ngexesha elithile kamva…)
Umqhathi: Nceda cinezela kwaye uguqulele ngokuntsonkothileyo umbhalo ocacileyo owongezwa kuwo
password=со.Iseva: Ubude besiphumo 17.
Amanqaku e-cracker: [eyokuqala 14] + [ibhayithi ezintathu ezitshintshileyo password=co]. Ukusebenzisa ingqiqo efanayo, umhlaseli ugqiba ukuba igama eliyimfihlo liqala ngoonobumba co
Kwaye njalo ide yonke igama eligqithisiweyo libuyiselwe.
Umfundi uya kuxolelwa ngokucinga ukuba lo ngumsebenzi wezemfundo kuphela kwaye imeko yohlaselo enjalo ayinakuze ivele kwihlabathi lokwenyani. Ewe, njengoko siza kubona kungekudala, kungcono ukungayeki kwi-cryptography.
Ubuthathaka bebhrendi: CRIME, POODLE, DROWN
Ekugqibeleni, emva kokufunda ithiyori ngokweenkcukacha, sinokubona ukuba ezi ndlela zisetyenziswa njani kuhlaselo lokwenyani lwe-cryptographic.
Ulwaphulo-mthetho
Ukuba uhlaselo lujolise kwisikhangeli sexhoba kunye nenethiwekhi, ezinye izinto ziya kuba lula kwaye ezinye ziya kuba nzima. Ngokomzekelo, kulula ukubona i-traffic yexhoba: vele uhlale naye kwi-cafe enye kunye ne-WiFi. Ngesi sizathu, amaxhoba anokubakho (o.k.t. wonke umntu) bayacetyiswa ngokubanzi ukuba basebenzise unxibelelwano olufihliweyo. Kuya kuba nzima ngakumbi, kodwa kunokwenzeka, ukwenza izicelo ze-HTTP egameni lexhoba kwindawo ethile yomntu wesithathu (umzekelo, iGoogle). Umhlaseli kufuneka atsalele ixhoba kwiphepha lewebhu elinobungozi kunye neskripthi esenza isicelo. Isikhangeli sewebhu siya kubonelela ngokuzenzekelayo i-cookie yeseshoni ehambelanayo.
Oku kubonakala kumangalisa. Ukuba uBob uye waya evil.com, ingaba umbhalo kule ndawo unokucela uGoogle ukuba athumele i-password kaBob kwi-imeyile [email protected]? Ewe, kwithiyori ewe, kodwa enyanisweni hayi. Lo mzekelo ubizwa ngokuba sisicelo sohlaselo lwenkohliso lwesiza esinqamlezileyo (, CSRF), kwaye yayidumile phakathi kwiminyaka yoo-90s. Namhlanje ukuba evil.com izama eli qhinga, uGoogle (okanye nayiphi na iwebhusayithi ezihloniphayo) uya kuphendula athi, “Kulungile, kodwa uphawu lwakho lweCSRF lwale ntengiselwano luya kuba...um... три триллиона и семь. Nceda uphinde le nombolo." Iibhrawuza zale mihla zinento ebizwa ngokuba "ngumgaqo-nkqubo wemvelaphi efanayo" apho izikripthi ezikwisiza A zingakwazi ukufikelela kulwazi oluthunyelwe yiwebhusayithi B. Ngoko ke umbhalo uvuliwe evil.com ingathumela izicelo ku google.com, kodwa ayikwazi ukufunda iimpendulo okanye ngenene ukugqiba intengiselwano.
Kufuneka sigxininise ukuba ngaphandle kokuba uBob usebenzisa unxibelelwano olufihliweyo, zonke ezi zikhuselo azinantsingiselo. Umhlaseli unokufunda ngokulula i-traffic ka-Bob kwaye abuyise i-cookie yeseshoni kaGoogle. Ngale kuki, uya kuvula ithebhu entsha kaGoogle ngaphandle kokushiya isikhangeli sakhe kwaye azenze uBob ngaphandle kokudibana nemigaqo-nkqubo engathandekiyo yemvelaphi efanayo. Kodwa, ngelishwa kumqhekezi, oku kuya kuncipha. I-Intanethi iyonke kudala ibhengeza imfazwe kunxibelelwano olungafihlwanga, kwaye itrafikhi ephumayo kaBob mhlawumbi ifihliwe, nokuba uyayithanda okanye akayithandi. Ukongeza, kwasekuqaleni kokuphunyezwa kweprotocol, i-traffic nayo yayikhona ushwabene phambi koguqulelo oluntsonkothileyo; oku kwakuyindlela eqhelekileyo yokunciphisa i-latency.
Kulapho kungena khona (Compression Ratio Infoleak Made Easy, ukuvuza okulula ngomlinganiselo wokunyanzeliswa). Ukuba sesichengeni kwatyhilwa ngoSeptemba 2012 ngabaphandi bokhuseleko uJuliano Rizzo kunye noThai Duong. Sele sihlolisise yonke isiseko sethiyori, esivumela ukuba siqonde ukuba benze ntoni kwaye njani. Umhlaseli unokunyanzela isikhangeli sikaBob ukuba sithumele izicelo kuGoogle kwaye emva koko umamele iimpendulo kwinethiwekhi yendawo ngendlela ecinezelweyo, efihliweyo. Ngoko ke sine:
Apha umhlaseli ulawula isicelo kwaye unokufikelela kwi-traffic sniffer, kuquka ubungakanani bepakethi. Imeko yasentsomini kaKelsey yabakho.
Ukuqonda i-theory, ababhali be-CRIME benza i-exploit enokuba ii-cookie zeseshoni kwiindawo ezininzi, kuquka i-Gmail, i-Twitter, i-Dropbox kunye ne-Github. Ukuba sesichengeni kuchaphazele uninzi lwezikhangeli zewebhu zale mihla, okubangele ukuba kukhululwe iziqwengana ezingcwatywe buthule into yocinezelo kwi-SSL ukuze ingasetyenziswa kwaphela. Ekuphela kwayo ekhuselweyo kubuthathaka yayiyi-Internet Explorer ehloniphekileyo, engazange isebenzise ucinezelo lwe-SSL konke konke.
POODLE
Ngo-Okthobha 2014, iqela lokhuseleko likaGoogle lenze amaza kuluntu lokhuseleko. Bakwazile ukusebenzisa ukuba semngciphekweni kwiprothokholi ye-SSL eyayifakwe ngaphezulu kweminyaka elishumi eyadlulayo.
Kuyavela ukuba ngelixa abancedisi beqhuba i-TLSv1.2 entsha ekhanyayo, abaninzi baye bashiya inkxaso ye-SSLv3 yelifa lokubuyela ngasemva kunye ne-Internet Explorer 6. Sele sithethile ngohlaselo lokuthotywa, ngoko unokucinga ukuba kuqhubeka ntoni. I-sabotage ecwangciswe kakuhle yeprothokholi yokuxhawula izandla kunye neeseva zikulungele ukubuyela kwi-SSLv3 endala, ngokusisiseko irhoxisa iminyaka eli-15 yokugqibela yophando lokhuseleko.
Ngomxholo wembali, :
Ukhuseleko lweNqanaba lezoThutho (TLS) yeyona ndlela yokhuseleko ibalulekileyo kwi-Intanethi. [..] phantse yonke intengiselwano oyenzayo kwi-Intanethi ixhomekeke kwiTLS. [..] Kodwa i-TLS ibingasoloko iyi-TLS. Iprotocol yaqala ubomi bayo ebizwa ngokuba yi "Secure Sockets Layer" okanye i-SSL. I-rumor ithi inguqulelo yokuqala ye-SSL yayiyoyikeka kangangokuba abaphuhlisi baqokelela zonke iiprinta zekhowudi kwaye bazingcwaba kwindawo yokulahla inkunkuma eyimfihlo eNew Mexico. Ngenxa yoko, inguqulelo yokuqala efumaneka esidlangalaleni ye-SSL ngokwenene . Iyoyikeka kakhulu, kwaye [..] yayiyimveliso yaphakathi kwiminyaka yoo-90s, abachwephesha banamhlanje abayijonga njenge "" Uninzi lwezona hlaselo zimasikizi esizaziyo malunga nanamhlanje azikafunyaniswa. Ngenxa yoko, abaphuhlisi beprotocol ye-SSLv2 babeshiywe ukuba babambe indlela yabo ebumnyameni, kwaye bajongana. -Ukudane kwabo kunye nenzuzo yethu, kuba uhlaselo lwe-SSLv2 lushiye izifundo ezibaluleke kakhulu kwisizukulwana esilandelayo semigaqo.
Ukulandela ezi ziganeko, kwi-1996, i-Netscape ephoxekileyo yaphinda yaqulunqa iprotocol ye-SSL ukusuka ekuqaleni. Isiphumo yaba SSL version 3, leyo .
Ngethamsanqa kumasela, “abambalwa” abathethi “bonke.” Ngokubanzi, i-SSLv3 ibonelele zonke iibhloko zokwakha eziyimfuneko ukuqalisa uhlaselo lweVodene. Umthetho olandelwayo wasebenzisa i-CBC ibhlokhi yemowudi ye-cipher kunye neskimu sokukhuhla esingakhuselekanga (oku kwalungiswa kwi-TLS; kungoko imfuneko yohlaselo oluthotyiweyo). Ukuba uyakhumbula iskimu sokupakisha kwinkcazo yethu yoqobo yohlaselo lweVaudenay, iskimu se-SSLv3 siyafana kakhulu.
Kodwa, ngelishwa kumasela, “into efanayo” ayithethi “nto enye.” I-SSLv3 padding scheme ngu "N random bytes elandelwa yinombolo N". Zama, phantsi kwale miqathango, ukukhetha ibhloko yengqikelelo ye-ciphertext kwaye uhambe kuwo onke amanyathelo eskimu sokuqala sikaVaudene: uya kufumanisa ukuba uhlaselo lukhupha ngempumelelo i-byte yokugqibela kwibhloko ehambelanayo yombhalo ocacileyo, kodwa awuqhubeki phambili. Ukucima yonke i-byte ye-16 ye-ciphertext liqhinga elikhulu, kodwa ayiloloyiso.
Ngokujongana nokusilela, iqela likaGoogle labhenela kwisigqibo sokugqibela: batshintshela kwimodeli enamandla kakhulu yesoyikiso-leyo isetyenziswa kwi-CRIME. Ukucinga ukuba umhlaseli siskripthi esisebenza kwibhrawuza yexhoba kwaye unokukhupha iikuki zeseshoni, uhlaselo lusachukumisa. Ngelixa imodeli yosoyikiso ebanzi ingenanyani, sibonile kwicandelo elidlulileyo ukuba le modeli inokwenzeka.
Ngokunikwa ezi zakhono zohlaseli zinamandla ngakumbi, uhlaselo ngoku lungaqhubeka. Qaphela ukuba umhlaseli uyazi apho i-cookie yeseshoni efihliweyo ivela kwi-header kwaye ilawula ubude besicelo se-HTTP esandulelayo. Ngoko ke, iyakwazi ukuxhaphaza isicelo se-HTTP ukwenzela ukuba i-byte yokugqibela ye-cookie ihambelane nokuphela kwebhloko. Ngoku le-byte ikulungele ukuguqulelwa kwikhowudi. Unokongeza nje umlingiswa omnye kwisicelo, kwaye i-byte ye-penultimate ye-cookie iya kuhlala kwindawo efanayo kwaye ifanelekile ukukhethwa usebenzisa indlela efanayo. Uhlaselo luqhubeka ngolu hlobo de ifayile yecookie ibuyiselwe ngokupheleleyo. Ibizwa ngokuba yi-POODLE: I-Padding Oracle kwi-Downgraded Legacy Encryption.
AMANZI
Njengoko besitshilo, i-SSLv3 yayineziphene zayo, kodwa yayahluke kakhulu kokwandulelayo, kuba i-SSLv2 evuzayo yayiyimveliso yexesha elahlukileyo. Apho unokuphazamisa umyalezo embindini: соглашусь на это только через мой труп yajika yaba соглашусь на это; umxhasi kunye nomncedisi banokudibana kwi-intanethi, bamisele ukuthembana kunye notshintshiselwano ngeemfihlo phambi komhlaseli, onokuzenza zombini ezi zinto ngokulula. Kukwakho ingxaki yokuthumela ngaphandle i-cryptography, esiyikhankanye xa siqwalasela i-FREAK. Ezi yayiyiSodom neGomora ngokufihlakeleyo.
Ngo-Matshi 2016, iqela labaphandi abavela kwiinkalo ezahlukeneyo zobugcisa badibana kwaye bafumana into emangalisayo: i-SSLv2 isasetyenziswa kwiinkqubo zokhuseleko. Ewe, abahlaseli abasakwazi ukuthoba iiseshini ze-TLS zangoku ukuya kwi-SSLv2 ukusukela oko umngxuma wavalwa emva kwe-FREAK kunye ne-POODLE, kodwa basenakho ukuqhagamshela kwiiseva kwaye baziqalele ngokwabo iiseshini ze-SSLv2.
Usenokubuza, kutheni siyikhathalele into abayenzayo apho? Baneseshoni esengozini, kodwa akufanele ichaphazele ezinye iiseshoni okanye ukhuseleko lomncedisi - akunjalo? Ewe, akunjalo. Ewe, kufanele kube njalo kwithiyori. Kodwa hayi - kuba ukuvelisa izatifikethi ze-SSL kubeka umthwalo othile, okubangela ukuba abancedisi abaninzi basebenzise izatifikethi ezifanayo kwaye, ngenxa yoko, izitshixo ezifanayo zeRSA ze-TLS kunye nodibaniso lwe-SSLv2. Ukwenza izinto zibe mbi ngakumbi, ngenxa ye-OpenSSL bug, ukhetho "Khubaza i-SSLv2" kolu kuphunyezwa kwe-SSL ludumileyo aluzange lusebenze.
Oku kwenza uhlaselo lwe-cross-protocol kwi-TLS, olubizwa (Ukucima i-RSA ngoShicilelo oluNgasetyenziswayo kunye nolwenziwa buthathaka, ukususa uguqulelo kwi-RSA ngoguqulelo oluphelelwe lixesha nolubuthathaka). Khumbula ukuba oku akufani nokuhlaselwa okufutshane; umhlaseli akafuni ukuba enze "indoda phakathi" kwaye akufuneki ukuba abandakanye umxhasi ukuba athathe inxaxheba kwiseshoni engakhuselekanga. Abahlaseli baqalisa iseshoni ye-SSLv2 engakhuselekanga ngomncedisi ngokwabo, bahlasele iprothokholi ebuthathaka, kwaye baphinde bafumane isitshixo sabucala se-RSA somncedisi. Eli qhosha likwasebenza kuqhagamshelo lwe-TLS, kwaye ukusuka kweli nqanaba ukuya phambili, akukho xabiso lokhuseleko lwe-TLS luya kuyithintela ukuba ingathotywa.
Kodwa ukuyiqhekeza, udinga uhlaselo olusebenzayo ngokuchasene ne-SSLv2, ekuvumela ukuba ubuyise kungekuphela nje itrafikhi ethile, kodwa kunye nesitshixo se-RSA eyimfihlo. Nangona oku kukuseta okuntsokothileyo, abaphandi banokukhetha nabuphi na ubuthathaka obuvalwe ngokupheleleyo emva kwe-SSLv2. Ekugqibeleni bafumene inketho efanelekileyo: ukuhlaselwa kweBleichenbacher, esikukhankanyileyo ngaphambili kwaye esiza kuchaza ngokucacileyo kwinqaku elilandelayo. I-SSL kunye ne-TLS zikhuselwe kolu hlaselo, kodwa ezinye izinto ezingalindelekanga ze-SSL, ezidityaniswe nezitshixo ezimfutshane kwi-cryptography yebakala lokuthumela ngaphandle, yenze ukuba kwenzeke. .
Ngexesha lokupapashwa, i-25% yeendawo eziphezulu ze-Intanethi zachatshazelwa bubuthathaka be-DROWN, kwaye uhlaselo lunokuthi lwenziwe ngezixhobo ezithobekileyo ezifumanekayo nakubageki abakhohlakeleyo. Ukufumana kwakhona isitshixo se-RSA somncedisi kufuna iiyure ezisibhozo zokubala kunye ne-$ 440, kwaye i-SSLv2 ihambe ukusuka ekuphelelweni ukuya kwi-radioactive.
Yima, kuthekani ngeHeartbleed?
Olu asilohlaselo lwe-cryptographic ngendlela echazwe ngasentla; Esi sisithinteli sokuphuphuma.
Makhe siphumle
Saqala ngeendlela ezisisiseko: amandla akhohlakeleyo, ukuguqulela, ukuthotywa, iprotocol, kunye nokubala kwangaphambili. Emva koko sijonge ubuchule obuphambili, mhlawumbi eyona nxalenye iphambili yohlaselo lwe-cryptographic yanamhlanje: uhlaselo lwe-oracle. Sichithe ixesha elithile sicinga ngayo - kwaye asiqondanga kuphela umgaqo osisiseko, kodwa kunye neenkcukacha zobugcisa zokuphunyezwa okubini okuthe ngqo: uhlaselo lweVaudenay kwimowudi yoguqulelo lwe-CBC kunye nohlaselo lukaKelsey kwiiprothokholi zokubethelwa kwangaphambili.
Ekuphononongeni uhlaselo lokuthotywa kunye nokuhlaselwa kwangaphambili, sichaze ngokufutshane uhlaselo lwe-FREAK, olusebenzisa zombini iindlela ngokuba neendawo ekujoliswe kuzo ezihlayo ukuya kwizitshixo ezibuthathaka kwaye ziphinde zisebenzise izitshixo ezifanayo. Kwinqaku elilandelayo, siza kugcina (efana kakhulu) uhlaselo lwe-Logjam, olujolise kwii-algorithms ezingundoqo zoluntu.
Emva koko siye sajonga eminye imizekelo emithathu yokusetyenziswa kwale migaqo. Okokuqala, i-CRIME kunye ne-POODLE: uhlaselo olubini oluxhomekeke kubuchule bomhlaseli ukufaka inkcazo ecacileyo ecaleni kwesicatshulwa ekujoliswe kuso, emva koko uhlolisise iimpendulo zomncedisi kwaye ngoko,usebenzisa indlela yohlaselo lwe-oracle, sebenzisa olu lwazi lunganelanga, ukubuyisela ngokuyinxenye okubhaliweyo. I-CRIME ihambe ngendlela yohlaselo luka-Kelsey kuxinzelelo lwe-SSL, ngelixa i-POODLE endaweni yoko isebenzise ukwahluka kohlaselo lukaVaudenay kwi-CBC ngesiphumo esifanayo.
Emva koko siye sajolisa ingqalelo yethu kuhlaselo lwe-cross-protocol DROWN, oluseka umdibaniso kumncedisi usebenzisa iprotocol ye-SSLv2 yelifa emva koko sifumana izitshixo eziyimfihlo zeseva sisebenzisa uhlaselo lweBleichenbacher. Siye satsiba iinkcukacha zobugcisa zolu hlaselo okwangoku; njenge Logjam, kuya kufuneka ilinde de sibe nokuqonda kakuhle kwe-cryptosystems engundoqo yoluntu kunye nobuthathaka babo.
Kwinqaku elilandelayo siza kuthetha ngohlaselo oluphambili olufana nokuhlangana-phakathi, ukwahlula i-cryptanalysis kunye nokuhlaselwa komhla wokuzalwa. Makhe sithathe ngokukhawuleza kuhlaselo lwe-channel-channel, kwaye emva koko sifike kwinyama yalo mbandela: ii-cryptosystems ezingundoqo zoluntu.
umthombo: www.habr.com