Analysis: what is known about the recent attack on the SKS Keyserver network of cryptographic key servers

The attackers used a feature of the OpenPGP protocol that has been known for more than ten years.

We explain what the issue is and why it cannot be closed.


Network problems

In mid-June, unknown attackers carried out an attack on the SKS Keyserver network of cryptographic key servers, which is built on the OpenPGP protocol. OpenPGP is an IETF standard (RFC 4880) used to encrypt email and other messages. The SKS network was created thirty years ago to distribute public certificates. It is used by tools such as GnuPG, which encrypts data and creates digital signatures.

The attackers compromised the certificates of two GnuPG project maintainers, Robert Hansen and Daniel Gillmor. Loading a corrupted certificate from the server causes GnuPG to fail: the program simply hangs. There is reason to believe the attackers will not stop there, and the number of compromised certificates will only grow. For now, the scale of the problem is unknown.

The essence of the attack

The attackers took advantage of a vulnerability in the OpenPGP protocol. It has been known to the community for decades. Related work can even be found on GitHub. But so far nobody has taken responsibility for closing the "hole" (we discuss the reasons in more detail below).

According to the OpenPGP specification, anyone can add a digital signature to a certificate to vouch for its owner. Moreover, the maximum number of signatures is not regulated in any way. This is where the problem arises: the SKS network allows up to 150 thousand signatures to be placed on a single certificate, but GnuPG does not support such a number. So, when loading the certificate, GnuPG (and other OpenPGP implementations) hangs.

One user ran an experiment: importing the certificate took him about 10 minutes. The certificate had more than 54 thousand signatures, and its size was 17 MB:

$ gpg --homedir=$PWD --recv C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
gpg: key F20691179038E5C6: 4 duplicate signatures removed
gpg: key F20691179038E5C6: 54614 signatures not checked due to missing keys
gpg: key F20691179038E5C6: 4 signatures reordered
gpg: key F20691179038E5C6: public key "Daniel Kahn Gillmor <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
$ ls -lh pubring.gpg
-rw-r--r--  1 filippo  staff    17M  2 Jul 16:30 pubring.gpg
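
A defensive pre-import check for the signature flooding described above, as an added example that is not from the original article or from GnuPG: it walks the RFC 4880 packet headers (old and new format) of a binary certificate and counts Signature packets without verifying any of them. The function names and the 1000-signature threshold are assumptions chosen for illustration.

```python
MAX_SIGNATURES = 1000  # assumed local policy threshold, not a GnuPG or SKS constant

def _new_length(data, pos):  # -> (chunk_len, next_pos, is_partial)
    o1 = data[pos]
    if o1 < 192:
        return o1, pos + 1, False
    if o1 < 224:
        return ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if o1 == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (o1 & 0x1F), pos + 1, True  # partial body chunk, more follow

def iter_packet_tags(data):
    """Yield the tag of each packet in a binary (non-armored) OpenPGP stream."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError(f"bad packet header at offset {pos}")
        pos += 1
        if first & 0x40:  # new format: tag in the low 6 bits
            tag, partial = first & 0x3F, True
            while partial:
                length, pos, partial = _new_length(data, pos)
                pos += length
        else:  # old format: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:  # indeterminate length: body runs to end of input
                pos = len(data)
            else:
                n = 1 << ltype  # 1, 2 or 4 length octets
                pos += n + int.from_bytes(data[pos:pos + n], "big")
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag

def signature_count(data):
    """Number of Signature packets (tag 2), counted without verifying any."""
    return sum(1 for tag in iter_packet_tags(data) if tag == 2)

def safe_to_import(data, limit=MAX_SIGNATURES):
    try:
        return signature_count(data) <= limit
    except (ValueError, IndexError):  # malformed or truncated input: fail closed
        return False

def constructed_cert(n_sigs):  # constructed sample: framing only, zero-filled bodies
    pkt = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
    return pkt(6, bytes(20)) + pkt(13, b"Test <t@example.invalid>") + pkt(2, bytes(40)) * n_sigs
```

The input must be the binary form of the certificate; an ASCII-armored export has to be dearmored first.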

To make matters worse, OpenPGP key servers do not delete certificate information. This is done so that the chain of all actions on certificates can be traced and their substitution prevented. Therefore, the compromised items cannot be removed.

In essence, the SKS network is a large "file server" to which anyone can write data. To illustrate the problem, last year a GitHub user created a file system that stores documents on the network of cryptographic key servers.

Why has the vulnerability not been closed?

There was no reason to close the vulnerability. Previously it had not been used for attacks, although the IT community had long asked the SKS and OpenPGP developers to pay attention to the problem.

To be fair, it is worth noting that in June they nevertheless launched the experimental key server keys.openpgp.org. It provides protection against these kinds of attacks. However, its database was populated from scratch, and the server itself is not part of SKS. Therefore, it will take time before it can be used.

As for the bug in the original system, a complex synchronization mechanism prevents it from being fixed. The key server network was originally written as a proof of concept for Yaron Minsky's PhD thesis. Moreover, a rather specific language, OCaml, was chosen for the work. According to maintainer Robert Hansen, the code is hard to understand, so only minor fixes are made to it. To change the SKS architecture, it would have to be rewritten from scratch.

In any case, the GnuPG developers do not believe the network will ever be fixed. In a post on GitHub, they even wrote that they do not recommend working with SKS Keyserver. In fact, this is one of the main reasons they started the move to the new keys.openpgp.org service. We can only watch how events develop.
