A /dev/random implementation freed from its dependence on SHA-1 has been proposed for the Linux kernel.

Jason A. Donenfeld, author of the WireGuard VPN, has proposed an updated implementation of the RDRAND pseudo-random number generator responsible for the operation of /dev/random and /dev/urandom in the Linux kernel. At the end of November, Jason was added to the list of maintainers of the random driver, and he has now published the first results of his work on reworking it.

The new implementation is notable for switching from SHA1 to the BLAKE2s hash function for entropy mixing operations. The change improved the security of the pseudo-random number generator by removing the problematic SHA1 algorithm and by eliminating the overwriting of the RNG initialization vector. Because BLAKE2s is faster than SHA1, its use also had a positive effect on the performance of the pseudo-random number generator (testing on a system with an Intel i7-11850H processor showed a 131% increase in speed). Another advantage of moving entropy mixing to BLAKE2 is the unification of the algorithms in use: BLAKE2 is used in the ChaCha cipher, which is already used to extract random sequences.

In addition, improvements have been made to the cryptographically secure pseudo-random number generator (CRNG) used in the getrandom call. The improvements boil down to limiting calls to the slow RDRAND generator when extracting entropy, which improves performance by 3.7 times. Jason showed that calling RDRAND makes sense only when the CRNG has not yet been fully initialized; once CRNG initialization is complete, its value does not affect the quality of the generated sequence, and in that case the call to RDRAND can be dispensed with.
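The two changes described above (BLAKE2s for entropy mixing, and consulting the hardware generator only until the CRNG is initialized) can be sketched as a small user-space model. This is an added example, not the kernel's code or the patch author's: the class `PoolModel`, the `INIT_BITS` threshold, the entropy credits, and the use of `os.urandom` as a stand-in for RDRAND are all assumptions made for illustration.

```python
import hashlib
import os

INIT_BITS = 256  # assumed threshold of credited entropy for "CRNG initialized"

class PoolModel:
    """Toy user-space model of a BLAKE2s entropy pool feeding a CRNG key."""

    def __init__(self, hw_rng=os.urandom):
        self.pool = hashlib.blake2s()  # running hash state acts as the input pool
        self.credited_bits = 0
        self.hw_rng = hw_rng           # stand-in for RDRAND (assumption)
        self.hw_calls = 0

    @property
    def initialized(self) -> bool:
        return self.credited_bits >= INIT_BITS

    def mix(self, data: bytes, credit_bits: int = 0) -> None:
        # Length-prefix each input so differently split inputs cannot collide.
        self.pool.update(len(data).to_bytes(4, "little") + data)
        self.credited_bits = min(INIT_BITS, self.credited_bits + credit_bits)

    def extract_key(self) -> bytes:
        """Return a 32-byte CRNG key and re-key the pool."""
        if not self.initialized:
            # Hardware output is only worth its cost before initialization.
            self.hw_calls += 1
            self.mix(self.hw_rng(32))
        seed = self.pool.digest()
        # Two domain-separated keyed hashes: one replaces the pool state,
        # one becomes the CRNG key, so neither reveals the other.
        next_pool = hashlib.blake2s(b"\x00", key=seed).digest()
        crng_key = hashlib.blake2s(b"\x01", key=seed).digest()
        self.pool = hashlib.blake2s(key=next_pool)
        return crng_key

if __name__ == "__main__":
    model = PoolModel()
    model.mix(b"constructed sample: early boot timing", credit_bits=64)
    model.extract_key()  # not initialized yet: hardware RNG is consulted
    model.mix(b"constructed sample: interrupt timings", credit_bits=256)
    for _ in range(3):
        model.extract_key()  # initialized: hardware RNG is skipped
    print("hardware RNG calls:", model.hw_calls)
```

In the model, every extraction after initialization costs three BLAKE2s computations and no hardware call, which is the saving the paragraph above attributes to skipping RDRAND.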

The changes are planned for inclusion in the 5.17 kernel and have already been reviewed by developers Ted Ts'o (second maintainer of the random driver), Greg Kroah-Hartman (responsible for maintaining the stable branch of the Linux kernel) and Jean-Philippe Aumasson (author of the BLAKE2/3 algorithms).

Source: opennet.ru
