Iprojekthi ye-Fedora ichaze isicwangciso sokukhubaza inkxaso yeesignesha zedijithali ezisekelwe kwi-SHA-1 algorithm kwi-Fedora Linux 39. Ukukhubaza kubandakanya ukuphelisa ukuthembela kwiisignesha ezisebenzisa i-SHA-1 hashes (SHA-224 iya kubhengezwa njengobuncinane obuxhaswayo kwidijithali. imisayino), kodwa ukugcina inkxaso ye-HMAC nge-SHA-1 kunye nokubonelela ngesakhono sokwenza iprofayile ye-LEGACY nge-SHA-1. Emva kokufaka utshintsho, ithala leencwadi le-OpenSSL liya kuthi ngokuzenzekelayo liqale ukubhloka isizukulwana kunye nokuqinisekiswa kotyikityo nge-SHA-1.
Ukukhubaza kucwangciswe ukuba kuqhutywe kwizigaba ezininzi: Kwi-Fedora Linux 36, utyikityo olusekwe kwi-SHA-1 luya kukhutshelwa ngaphandle kumgaqo-nkqubo we-βFUTUREβ, umgaqo-nkqubo wovavanyo TEST-FEDORA39 inikezelwe ukuvala i-SHA-1 ngesicelo umsebenzisi (uhlaziyo-i-crypto-polisi-setha i-TEST-FEDORA39), xa udala kwaye uqinisekisa iisignesha ezisekelwe kwi-SHA-1, izilumkiso ziya kuboniswa kwilogi. Ngethuba lokukhutshwa kwangaphambili kwe-beta ye-Fedora Linux 38, indawo yokugcina i-rawhide iya kuba nomgaqo-nkqubo ovimbela ukusetyenziswa kwe-SHA-1-based signatures, kodwa olu tshintsho aluyi kusetyenziswa kwi-beta kunye nokukhululwa kwe-Fedora Linux 38. Ngokukhutshwa kwe-Fedora Linux 39, umgaqo-nkqubo wokuyeka utyikityo olusekwe kwi-SHA-1 uya kunyanzeliswa ngokungagqibekanga.
Isicwangciso esicetywayo asikahlaziywa yi-FESCo (iKomiti yoLawulo lobuNjineli beFedora), ejongene necandelo lobugcisa bophuhliso lokusabalalisa i-Fedora. Ukuphela kwenkxaso yeesignesha ezisekelwe kwi-SHA-1 kungenxa yokwenyuka kokusebenza kohlaselo longquzulwano kunye nesimaphambili esinikiweyo (indleko yokukhetha ungquzulwano iqikelelwa kumashumi amawaka eedola). Abakhangeli banezatifikethi eziphawulweyo ezisayinwe kusetyenziswa i-sha-1 algorithm njengokungakhuselekanga ukusukela phakathi ku-2016.
umthombo: opennet.ru