Linux: removing the /dev/random blocking pool

/dev/random, the cryptographically secure pseudo-random number generator (CSPRNG), is known for one annoying problem: blocking. This article describes how that problem can be solved.

Over the past few months the kernel's random-number generation facilities have been reworked again, although the problems in this subsystem have been addressed over a much longer period. Most of the recent changes were made to keep the getrandom() system call from blocking for a long time at system start-up, but the underlying cause of that was the blocking behaviour of the random pool. A recent patch set would remove this pool entirely, and it was expected to head for the mainline kernel.

Andy Lutomirski published the third version of the patch set at the end of December. It makes "major semantic changes to the Linux APIs". The patch adds a new GRND_INSECURE flag to the getrandom() system call (although Lutomirski refers to it as getentropy(), which is implemented in glibc on top of getrandom() with fixed flags); this flag makes the call always return the requested amount of data, but without any guarantee that the data is random. The kernel will simply do its best to produce the best data it has at that moment. "Probably the best thing to do is to call it 'INSECURE' to keep this API from being used for things that need security."

The patches also remove the blocking pool. The kernel currently maintains two pools of random data, one corresponding to /dev/random and the other to /dev/urandom, as described in this 2015 article. The blocking pool is the pool behind /dev/random; reads from that device block (as its name implies) until "enough" entropy has been collected by the system to satisfy the request. Further reads from the file likewise block whenever there is not enough entropy in the pool.

Removing the blocking pool means that reads from /dev/random behave like getrandom() with the flags set to zero (and the GRND_RANDOM flag becomes a no-op). Once the cryptographic random number generator (CRNG) has been initialized, reads from /dev/random and calls to getrandom(..., 0) no longer block and return the requested amount of random data.
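As an added example (not code from the article or from the patch set), the getrandom() semantics described above exercised through the raw system call, so that GRND_INSECURE can be defined locally where the C headers predate it; the flag values are the kernel's UAPI constants, and the helper name fill_random is this example's own. Flags 0 blocks only until the CRNG is initialized, GRND_INSECURE never blocks, and a kernel that does not know the flag reports EINVAL.

```c
/* Added example: getrandom(2) flag handling via the raw syscall. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Kernel UAPI values; defined here in case <sys/random.h> is older. */
#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001
#endif
#ifndef GRND_RANDOM
#define GRND_RANDOM   0x0002   /* a no-op once the blocking pool is gone */
#endif
#ifndef GRND_INSECURE
#define GRND_INSECURE 0x0004   /* added with the patch set discussed here */
#endif

/* Fill buf with len bytes from getrandom(2) using the given flags.
 * Returns 0 on success or -errno. Short reads are possible for requests
 * larger than 256 bytes and EINTR can interrupt a blocking call, so loop. */
static int fill_random(unsigned char *buf, size_t len, unsigned int flags)
{
    size_t got = 0;
    while (got < len) {
        long n = syscall(SYS_getrandom, buf + got, len - got, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            /* EAGAIN: CRNG not yet initialized and GRND_NONBLOCK was set.
             * EINVAL: this kernel does not know the requested flag. */
            return -errno;
        }
        got += (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];
    int rc = fill_random(key, sizeof key, 0);   /* waits only for CRNG init */
    if (rc != 0) {
        fprintf(stderr, "getrandom(0): %s\n", strerror(-rc));
        return 1;
    }
    printf("got %zu bytes of CRNG output for a key\n", sizeof key);
    rc = fill_random(key, sizeof key, GRND_INSECURE);   /* never blocks */
    printf("GRND_INSECURE: %s\n", rc == 0 ? "supported" : strerror(-rc));
    return 0;
}
```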

Lutomirski says: "I believe the Linux blocking pool has outlived its usefulness. The Linux CRNG generates output that is good enough to be used even for key generation. The blocking pool is not stronger in any material sense and requires a lot of infrastructure of dubious value to support it."

The changes were made with the intent that existing programs would not really be affected, and in fact there should be fewer problems with long waits for things like GnuPG key generation.

"These patches should not break any existing programs. /dev/urandom remains unchanged. /dev/random still blocks right at boot, but it blocks less than before. getentropy() with the existing flags will return a result that is suitable for practical purposes, as before."

Lutomirski noted that it remains an open question whether the kernel should provide so-called "true random numbers" at all, which is what the blocking pool was supposed to do to some extent. He sees only one reason for it: "compliance with government standards". Lutomirski suggested that if the kernel were to provide this, it should be done through a completely different interface, or it should be moved to user space, letting the user retrieve the raw event samples that could be used to build such a blocking pool.

Stephan Müller suggested that his Linux Random Number Generator (LRNG) patch set (currently at version 26) could be a way to provide true random numbers to the applications that need them. The LRNG "fully complies with the SP800-90B guidelines for entropy sources used for generating random bits", making it a solution to the government-standards problem.

Matthew Garrett objected to the term "truly random data", pointing out that the sampled devices can be modelled accurately enough to be predictable: "we aren't sampling quantum events here."

Müller replied that the term comes from the German AIS 31 standard, where it describes a random number generator that produces output only "at the same rate as the underlying noise source produces entropy".

Terminology aside, having a blocking pool as proposed by the LRNG patches would lead to various problems, at least as long as it is accessible without special privileges.

As Lutomirski put it: "This doesn't solve the problem. If two different users run silly programs like gnupg, they'll starve each other. I see two main problems with /dev/random right now: it's susceptible to DoS (i.e. resource exhaustion, malicious influence, or the like), and since no privileges are required to use it, it's prone to misuse. Gnupg is wrong; it's a complete failure. If we add a new insecure interface that gnupg and similar programs will use, we lose again."

Müller noted that the addition of getrandom() would now allow GnuPG to use that interface, since it provides the necessary assurance that the pool has been initialized. Based on his discussions with GnuPG developer Werner Koch, Müller believes that this assurance is the only reason GnuPG currently reads directly from /dev/random. But if there is a random-number interface that can deny service (as /dev/random does today), Lutomirski says it will be misused by other applications.

Theodore Yue Tak Ts'o, the developer of the Linux random number subsystem, appears to have changed his mind about the need for a blocking pool. He said that removing this pool would effectively remove the notion that Linux has a true random number generator (TRNG): "That isn't absurd, since this is exactly what the BSDs have always done."

He is also concerned that providing a TRNG mechanism would only serve as a lure for application developers, and believes that, given the wide variety of hardware Linux supports, it is in fact impossible to guarantee a TRNG in the kernel. Even making the device usable only with root privileges would not solve the problem: "Application developers will explain that their application has to be installed as root for security reasons, because that is the only way to get at the 'really good' random numbers."

Müller asked whether Ts'o had abandoned the blocking-pool implementation he had long proposed himself. Ts'o replied that he plans to take Lutomirski's patches and is firmly opposed to adding a blocking interface back into the kernel.

"The kernel cannot make any guarantees about whether the noise source has been properly characterized. The only thing a GPG or OpenSSL developer will get is a vague feeling that TRUERANDOM is 'better', and because they want more security, they will undoubtedly try to use it. At some point it will block, and when some other clever user (perhaps a distribution specialist) puts it into an init script and systems stop working, users will have to complain to Linus Torvalds himself."

Ts'o also encourages giving cryptographers, and anyone else who wants a TRNG, a way to harvest their own entropy in user space and use it as they see fit. He says that entropy collection is not something the kernel can do across all the different hardware it supports, and that the kernel itself cannot estimate the amount of entropy provided by the various sources.

"I-kernel akufuneki idibanise imithombo yengxolo eyahlukeneyo kunye, kwaye ngokuqinisekileyo ayifanelanga ukuba izame ukwenza ibango lokwazi ukuba mangaphi amasuntswana e-entropy ayifumanayo xa izama ukudlala uhlobo oluthile "lomdlalo we-twitchy entropy" kwi-CPU elula. I-IOT/Iimeko ezizinzisiweyo apho yonke into ingahambelani ne-oscillator enye, apho kungekho myalelo we-CPU wokucwangcisa ngokutsha okanye ukuthiya ngokutsha irejista, njl.

"You can talk about providing tools that try to do these calculations, but those have to be done on each user's hardware, which is infeasible for most distribution users. If this is aimed only at cryptographers, then let it be done in their user space. And let's not make it easy for GPG, OpenSSL, etc. We can talk about how we provide an interface for cryptographers so they can get the information they need by accessing the primary noise sources, separated and named, and perhaps somehow the noise source can authenticate itself to the user-space library or application."

There was also some discussion about what such an interface might look like, since, for example, certain events may have security implications. Ts'o noted that keyboard scan codes (that is, keystrokes) are mixed into the pool as part of entropy collection: "Exposing this to user space, even through a privileged system call, would be unwise, to say the least." Other event timings could likewise create some kind of information leak through side channels.

So it looks like a long-standing problem with Linux's random number subsystem is on its way to a solution. The recent changes to the random number subsystem led to DoS issues in practice. Now there are efficient ways to get the best random numbers the kernel can provide. If a TRNG is still desirable in Linux, that gap will need to be filled in the future, but it is likely that it will not be done inside the kernel itself.


Source: www.habr.com
