Cryptographic attacks: an explanation for perplexed minds

When you hear the word "cryptography", some people think of their Wi-Fi password, the green padlock next to the address of their favourite website, and how hard it is to get into someone else's email. Others recall the string of vulnerabilities of recent years with pronounceable abbreviations (DROWN, FREAK, POODLE...), stylish logos and a warning to update your browser immediately.

Cryptography covers all of that, but its essence lies elsewhere. The point is that there is a fine line between easy and hard. Some things are easy to do but hard to undo, like breaking an egg. Other things are easy to do but hard to undo when a small, crucial piece is missing: for instance, opening a locked door, where the "crucial piece" is the key. Cryptography studies such situations and how they can be put to practical use.

In recent years the collection of cryptographic attacks has turned into a zoo of flashy logos, stuffed with formulas from scientific papers, and has produced a general gloomy feeling that everything is broken. But in fact most attacks rest on a few general principles, and endless pages of formulas usually boil down to ideas that are easy to grasp.

In this series of articles we will look at the different kinds of cryptographic attacks, with emphasis on the underlying principles. Roughly, and not exactly in this order, we will cover:

  • Basic techniques: brute force, frequency analysis, interpolation, downgrade and cross-protocol attacks.
  • Branded vulnerabilities: FREAK, CRIME, POODLE, DROWN, Logjam.
  • Advanced techniques: oracle attacks (Vaudenay's attack, Kelsey's attack); the meet-in-the-middle method, birthday attacks, statistical bias (differential cryptanalysis, integral cryptanalysis, etc.).
  • Side-channel attacks and their close relatives, fault-analysis techniques.
  • Attacks on public-key cryptography: cube root, broadcast, related message, Coppersmith's attack, the Pohlig-Hellman algorithm, the number field sieve, Wiener's attack, Bleichenbacher's attack.

This article covers the material above up to Kelsey's attack.

Basic techniques

The following attacks are simple in the sense that they can be explained almost entirely without technical detail. Let us explain each type of attack in plain terms, without going into complex examples or advanced use cases.

Some of these attacks have largely become obsolete and have not been used for many years. Others are old-timers that still creep up on unwary cryptosystem developers in the 21st century. The modern era of cryptography can be considered to have begun with the arrival of IBM's DES, the first cipher that withstood every attack on this list.

Simple brute force

An encryption scheme consists of two parts: 1) an encryption function, which takes a message (the plaintext) together with a key and produces an encrypted message, the ciphertext; 2) a decryption function, which takes the ciphertext and the key and produces the plaintext. Both encryption and decryption should be easy to compute with the key, and hard to compute without it.

Suppose we see a ciphertext and try to decrypt it without any additional information (this is called a ciphertext-only attack). If we magically found the right key, we could easily verify that it is indeed correct, because the result would be a meaningful message.

Note that there are two implicit assumptions here. First, we know how to carry out the decryption, that is, how the cryptosystem works. This is a standard assumption when discussing cryptography. Hiding the implementation details of a cipher from attackers may seem like an extra security measure, but once an attacker obtains those details, that extra security is silently and irreversibly lost. Hence Kerckhoffs's principle: a system that falls into the enemy's hands should not cause any trouble.

Second, we assume that the correct key is the only key that yields a sensible plaintext. This too is a reasonable assumption; it holds whenever the ciphertext is much longer than the key and is readable. This is usually the case in the real world, leaving aside impractically huge keys and other shenanigans best left out (if you dislike that we skipped the explanation, see Theorem 3.8 here).

Given the above, a strategy emerges: try every possible key. This is called brute force, and such an attack is guaranteed to work against every practical cipher, eventually. For example, brute force is enough to crack the Caesar cipher, an ancient cipher whose key is a single letter of the alphabet, which means a little over 20 possible keys.

Unfortunately for cryptanalysts, increasing the key size is a good defence against brute force. As the key size grows, the number of possible keys grows exponentially. With modern key sizes, simple brute force is completely impractical. To get a sense of what that means, take the most powerful known supercomputer as of mid-2019: IBM's Summit, with peak performance of about 10^17 operations per second. Today a typical key length is 128 bits, which means 2^128 possible combinations. To search through all of them, the Summit supercomputer would need roughly 7800 times the age of the Universe.

Should brute force be treated as a historical curiosity? Not at all: it is a necessary ingredient in the cryptanalysis cookbook. It is rare for a cipher to be so weak that it can be broken by a clever attack alone, without applying force to one degree or another. Many successful breaks use an algorithmic method to weaken the target cipher first, and then finish with a brute-force attack.

Frequency analysis

Most texts are not gibberish. For example, English texts contain many letters 'e' and articles 'the'; binary files contain many zero bytes used as padding between pieces of information. Frequency analysis is any attack that exploits this fact.

The canonical example of a cipher vulnerable to this attack is the simple substitution cipher. In this cipher the key is a table that maps every letter to a replacement. For example, 'g' is replaced by 'h' and 'o' by 'j', so the word 'go' becomes 'hj'. This cipher is hard to brute-force because there are far too many possible lookup tables. If you're interested in the numbers, the effective key length is about 88 bits: there are 26! possible tables, and log2(26!) is roughly 88. But frequency analysis usually gets the job done quickly.

Consider the following ciphertext produced with a simple substitution cipher:

XDYLY ALY UGLY XDWNKE WN DYAJYN ANF YALXD DGLAXWG XDAN ALY FLYAUX GR WN OGQL ZDWBGEGZDO

Since Y occurs often, including at the end of many words, we might guess that it is the letter e:

XDeLe ALe UGLe XDWNKE WN DeAJeN ANF eALXD DGLAXWG XDAN ALe FLeAUX GR WN OGQL ZDWBGEGZDO

The pair XD is repeated at the start of several words. In particular, the combination XDeLe strongly suggests the word these or there, so we continue:

theLe ALe UGLe thWNKE WN heAJeN ANF eALth hGLAtWG thAN ALe FLeAUt GR WN OGQL ZhWBGEGZhO

Let us further assume that L corresponds to r, A to a, and so on. It will probably take a few attempts, but compared with a brute-force attack, this attack recovers the original text in no time:

there are more things in heaven and earth horatio than are dreamt of in your philosophy

For some people, solving such "cryptograms" is an absorbing hobby.
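The manual steps above, written out as a small toolkit, as an added example that is not part of the original article: it counts letter, word-final and word-start frequencies of the quoted ciphertext, renders partial guesses in the article's lowercase/uppercase style, and checks the full key the steps converge on. The full key table and the English frequency order are constructed inputs.

```python
from collections import Counter

# Constructed inputs: the ciphertext quoted above and the full substitution key
# that the manual steps (Y->e, XD->th, L->r, A->a, ...) eventually converge on.
CIPHERTEXT = ("XDYLY ALY UGLY XDWNKE WN DYAJYN ANF YALXD DGLAXWG "
              "XDAN ALY FLYAUX GR WN OGQL ZDWBGEGZDO")

# English letters ordered from most to least frequent (the commonly cited order).
ENGLISH_BY_FREQUENCY = "etaoinshrdlcumwfgypbvkjxqz"

FULL_KEY = {
    "X": "t", "D": "h", "Y": "e", "L": "r", "A": "a", "U": "m", "G": "o",
    "W": "i", "N": "n", "K": "g", "E": "s", "J": "v", "F": "d", "R": "f",
    "O": "y", "Q": "u", "Z": "p", "B": "l",
}


def letter_frequencies(text):
    """Cipher letters ranked by count, most frequent first (spaces ignored)."""
    return Counter(ch for ch in text if ch.isalpha()).most_common()


def word_final_frequencies(text):
    """Which cipher letters end words. In English 'e' and 's' dominate that
    position, which is why the article's first guess is Y -> e."""
    return Counter(word[-1] for word in text.split()).most_common()


def repeated_word_starts(text, length=2):
    """Letter groups that open more than one word (the article spots XD this way)."""
    starts = Counter(word[:length] for word in text.split() if len(word) >= length)
    return [(group, n) for group, n in starts.most_common() if n > 1]


def apply_partial_key(text, key):
    """Render guessed letters in lowercase and leave unknown ones uppercase,
    the same convention the article uses for its intermediate steps."""
    return "".join(key.get(ch, ch) for ch in text)


def first_guess_key(text):
    """Naive starting point: pair cipher letters with English letters by rank.
    Only the top few ranks are reliable on a text this short; the rest is
    refined by hand from word shapes, as the article does."""
    ranked = [ch for ch, _ in letter_frequencies(text)]
    return dict(zip(ranked, ENGLISH_BY_FREQUENCY))
```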

The idea of frequency analysis is more fundamental than it first appears, and it applies to far more complex ciphers. Throughout history, various cipher designs tried to counter this attack with "polyalphabetic substitution": during encryption, the letter substitution table is changed in complex but predictable ways that depend on the key. All of these ciphers were considered hard to break in their day, and yet modest frequency analysis eventually defeated every one of them.

The most ambitious polyalphabetic cipher in history, and probably the most famous, was the Enigma cipher of World War II. It was comparatively complex next to its predecessors, but after much hard work British cryptanalysts broke it using frequency analysis. Granted, they could not mount an elegant attack like the one shown above; they had to compare known plaintext-ciphertext pairs (a so-called "known-plaintext attack"), and even provoke Enigma operators into encrypting particular messages and analyse the result (a "chosen-plaintext attack"). But this did not make the fate of the defeated enemy armies and sunken submarines any easier.

After this triumph, frequency analysis disappeared from the history of cryptanalysis. Ciphers of the modern digital era are designed to work on bits, not letters. More importantly, these ciphers were designed with a grim awareness of what later became known as Schneier's Law: anyone can create an encryption algorithm that they themselves cannot break. It is not enough for an encryption scheme to look hard: to prove its worth, it must survive merciless security review by many cryptanalysts doing their best to crack it.

Precomputation

Take the hypothetical town of Precom Heights, population 200. Every home in town contains valuables worth about $30,000, but no more than $50,000. The security market in Precom is monopolised by ACME Industries, which produces the legendary Coyote™-class door lock. According to expert analysis, a Coyote-class lock can only be broken by a very complex hypothetical machine whose construction requires five years and $50,000 of investment. Is the town safe?

Probably not. Sooner or later an ambitious enough criminal will turn up. He will reason as follows: "Yes, I will incur large up-front costs. Five years of patient waiting, and $50,000. But when I'm done, I'll have access to all the wealth of this town. If I play my cards right, this investment will pay for itself many times over."

The same holds in cryptography. Attacks on a particular cipher are subject to a ruthless cost-benefit analysis. If the numbers do not add up, the attack will not happen. But an attack that works against many potential victims at once is almost always worthwhile, and the best design practice in that case is to assume it has been under way since day one. We essentially have a cryptographic version of Murphy's Law: "Anything that can break the system will break the system."

The simplest example of a cryptosystem vulnerable to a precomputation attack is a keyless cipher with fixed behaviour. This was the case with the Caesar cipher, which simply shifts every letter three positions forward in the alphabet (the table wraps around, so the last letter of the alphabet is encrypted as the third). Here again Kerckhoffs's principle comes into play: once the system is broken, it is broken forever.

The concept is simple. Even a novice cryptosystem designer will probably recognise the threat and prepare accordingly. Looking at the evolution of cryptography, such attacks did not apply to most ciphers, from the first improved versions of the Caesar cipher all the way down to the decline of polyalphabetic ciphers. They returned only with the arrival of the modern era of cryptography.

This return is due to two factors. First, sufficiently complex cryptosystems finally appeared, in which the possibility of exploitation after a break was no longer obvious. Second, cryptography became so widespread that millions of laypeople make decisions every day about which cryptographic components to reuse and where. It took a while before the experts noticed the risk and raised the alarm.

Remember the precomputation attack: at the end of the article we will look at two real-life cryptographic examples in which it played an important role.

Interpolation

Here is the famous detective Sherlock Holmes carrying out an interpolation attack on the hapless Dr. Watson:

I guessed at once that you had come from Afghanistan... My train of thought ran like this: "This man is a doctor by type, but he has a military bearing. So, an army doctor. He has just arrived from the tropics: his face is dark, but that is not the natural shade of his skin, since his wrists are much whiter. His face is haggard: clearly he has suffered much and been ill. His left arm has been injured: he holds it stiffly and somewhat unnaturally. Where in the tropics could an English army doctor have endured hardship and been wounded? Of course, in Afghanistan." The whole train of thought did not take even a second. So I said you had come from Afghanistan, and you were surprised.

Holmes could extract very little information from any single piece of evidence on its own. He could reach his conclusion only by considering them all together. An interpolation attack works in the same way, by examining known plaintext-ciphertext pairs produced under the same key. From each pair, individual observations are extracted that support a general conclusion about the key. All of these conclusions are vague and seem useless until they suddenly reach critical mass and lead to the only possible conclusion: however improbable, it must be true. After that, either the key is revealed, or the decryption process becomes understood so well that it can be replicated.

Let us illustrate with a simple example how interpolation works. Suppose we want to read the private diary of our enemy, Bob. He encrypts every number in his diary with a simple cryptosystem he learned about from an advertisement in the magazine "A Mock of Cryptography". The system works like this: Bob picks two favourite numbers. From then on, to encrypt any number, he computes a fixed arithmetic formula from that number and his two favourites.

Suppose that on December 28 we noticed Bob scribbling something in his diary. When he was done, we quietly picked it up and looked at the last entry:

Date: 235/520

Dear diary,

Today was a good day. In 64 I have a date with Alice, who lives in apartment 843. I really think she might be 26!

Since we are very keen to follow Bob on his date (we are both 15 in this scenario), it is important to know the date and Alice's address. Luckily, we notice that Bob's cryptosystem is vulnerable to an interpolation attack. We may not know his two numbers, but we do know today's date, so we have two plaintext-ciphertext pairs: we know that 12 is encrypted as 235, and 28 as 520. Here is what we write down:

Since we are 15, we already know about systems of two equations in two unknowns, which in this case is enough to find both of Bob's numbers without any trouble. Each plaintext-ciphertext pair places a constraint on Bob's key, and the two constraints together are enough to recover the key completely. In our example the two numbers come out, and 26 in the diary then decrypts to "one", as in "the one", presumably.
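The two-equations step, as an added example that is not part of the original article. It assumes Bob's formula is "multiply by the first number, add the second" (the page's own formula did not survive extraction), and the key and the plaintext-ciphertext pairs are constructed so that the arithmetic comes out in whole numbers; with that constructed key the diary's ciphertexts 235, 520, 64, 843 and 26 decrypt to small integers.

```python
from fractions import Fraction

# Assumed form of Bob's scheme: ciphertext = M * plaintext + N for his two
# favourite numbers M and N. Constructed key for the demo; the attacker never
# sees it and only uses encrypt() to build test data.
BOB_M, BOB_N = 19, 7


def encrypt(x, m=BOB_M, n=BOB_N):
    return m * x + n


def recover_key(pairs):
    """Interpolation: two (plaintext, ciphertext) pairs under one key give the
    linear system  M*x1 + N = c1,  M*x2 + N = c2 . Subtracting the equations
    eliminates N. Exact rational arithmetic avoids floating-point surprises and
    lets us detect pairs that no integer key can explain."""
    (x1, c1), (x2, c2) = pairs
    if x1 == x2:
        raise ValueError("need two distinct plaintexts to pin down both unknowns")
    m = Fraction(c2 - c1, x2 - x1)
    n = Fraction(c1) - m * x1
    if m.denominator != 1 or n.denominator != 1:
        # Either a transcription error or the scheme is not the assumed one.
        raise ValueError(f"no integer key fits these pairs (M={m}, N={n})")
    return int(m), int(n)


def decrypt(c, m, n):
    """Invert the affine map; the result is a Fraction, integral for genuine ciphertexts."""
    return Fraction(c - n, m)


def read_diary(known_pairs, ciphertexts):
    """Recover the key from the known pairs, then decrypt every other number."""
    m, n = recover_key(known_pairs)
    return {c: decrypt(c, m, n) for c in ciphertexts}
```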

Of course, interpolation attacks are not limited to simple examples. Every cryptosystem that reduces to a well-understood mathematical object plus a list of parameters is vulnerable to an interpolation attack, and the better understood the object, the greater the risk.

Newcomers often complain that cryptography is "the art of designing things as ugly as possible". Interpolation attacks are probably largely to blame. Bob can either use an elegant mathematical design or keep his date with Alice private, but alas, you usually cannot have both. This will become abundantly clear when we finally get to public-key cryptography.

Cross-protocol / downgrade

In the film Now You See Me (2013), a team of illusionists sets out to swindle corrupt insurance magnate Arthur Tressler out of his entire fortune. To gain access to Arthur's bank account, the con artists must either supply his username and password, or get him to appear at the bank in person and take part in the scheme.

Both options are very hard; the guys are used to performing on stage, not to intelligence work. So they choose the third possible option: an accomplice calls the bank and pretends to be Arthur. The bank asks several questions to verify his identity, such as his uncle's name and the name of his first pet; our heroes had earlier extracted this information from Arthur with ease through clever social engineering. From that point on, the excellent security of the password no longer matters.

(According to an urban legend that we personally checked and confirmed, cryptographer Eli Biham once encountered a bank teller who insisted on asking a security question. When the teller asked for his maternal grandmother's name, Biham began dictating: "Capital X, lowercase y, three...")

It is the same in cryptography when two cryptographic protocols are used side by side to protect the same asset, and one is much weaker than the other. The resulting system becomes vulnerable to a cross-protocol attack, in which the weaker protocol is attacked to reach the prize without touching the stronger one.

In some more complex cases it is not enough to simply contact the server over the weaker protocol; the unwitting participation of a legitimate client is required. This can be arranged with what is called a downgrade attack. To understand this attack, let us suppose our illusionists face a harder task than in the film. Suppose a bank employee (the teller) and Arthur ran into some unforeseen circumstances, leading to the following dialogue:

Scammer: Hello? This is Arthur Tressler. I would like to reset my password.

Teller: Fine. Please look in your secret code book, page 28, word 3. All subsequent messages will be encrypted using that particular word as the key. PQJGH. LOTJNAM PGGY MXVRL ZZLQ SRIU HHNMLPPPV…

Scammer: Hey, wait, wait. Is this really necessary? Can't we just talk like normal people?

Teller: I don't recommend it.

Scammer: I just... look, I've had a rough day, okay? I'm a VIP client and I'm in no mood to dig through these stupid code books.

Teller: Fine. If you insist, Mr. Tressler. What do you want?

Scammer: Please, I would like to donate all my money to the Arthur Tressler National Victims Fund.

(Pause.)

Teller: Understood. Please provide your PIN for large transactions.

Scammer: My what?

Teller: At your personal request, transactions of this size require a PIN for large transactions. This code was given to you when you opened your account.

Scammer: ... I've lost it. Is this really necessary? Can't you just approve the transaction?

Teller: No. I'm sorry, Mr. Tressler. Again, this is the security measure you requested. If you wish, we can mail a new PIN to your mailbox.

Our heroes postpone the operation. They eavesdrop on several of Tressler's large transactions, hoping to hear the PIN; but each time the conversation turns into coded gibberish before anything interesting is said. Finally, one fine day, the plan is put into action. They wait patiently for a moment when Tressler has to make a large transaction by phone, get on the line, and then...

Tressler: Hello. I would like to complete a remote transaction, please.

Teller: Fine. Please look in your secret code book, page...

(The scammer presses a button; the teller's voice turns into unintelligible noise.)

Teller: - #@$#@$#*@$$@#* will be encrypted with this word as the key. AAAYRR PLRQRZ MMNJK LOJBAN...

Tressler: Sorry, I didn't catch that. Again? Which page? Which word?

Teller: It's page @#$@#*$)#*#@()#@$(#@*$(#@*.

Tressler: What?

Teller: Word number twenty @$#@$#%#$.

Tressler: Seriously! That's enough! You and your security protocol are some kind of circus. I know you can just talk to me normally.

Teller: I don't recommend...

Tressler: And I don't recommend you waste my time. I don't want to hear another word about it until you fix your phone line problems. Can we complete this transaction or not?

Teller: ... Yes. Fine. What do you want?

Tressler: I would like to transfer $20 to Lord Business Investments, account number...

Teller: One moment, please. This is a large transaction. Please provide your PIN for large transactions.

Tressler: What? Oh, of course. 1234.

This is a downgrade attack. The weaker protocol, "just speak plainly", was intended as an option for emergencies only. And yet here we are.

You may wonder who in their right mind would design a real "secure until asked otherwise" system like the one described above. But just as the fictional bank takes risks to retain customers who dislike cryptography, systems in general often drift towards requirements that are indifferent or even downright hostile to security.

This is exactly what happened with the SSLv2 protocol in 1995. The US government had long regarded cryptography as a weapon to be kept away from foreign and domestic adversaries. Pieces of code were individually approved for export from the United States, often on the condition that the algorithm was deliberately weakened. Netscape, developer of the most popular browser, Netscape Navigator, was granted an export licence for SSLv2 only with an inherently vulnerable 512-bit RSA key (and 40-bit RC4).

By the end of the millennium the rules had relaxed and modern encryption had become widely available. Yet clients and servers went on supporting weakened "export" cryptography for years, out of the same inertia that keeps any legacy system alive. Clients believed they might meet a server that supported nothing else. Servers reasoned the same way. Of course, the SSL protocol dictates that clients and servers must never use a weaker protocol when a better one is available. But the same premise held for Tressler and his bank.

This theory found its way into two high-profile attacks that shook the security of the SSL protocol in 2015, both discovered by researchers at Microsoft and INRIA. First, details of the FREAK attack were disclosed in February, followed three months later by a similar attack called Logjam, which we will discuss in more detail when we move on to attacks on public-key cryptography.

The FREAK vulnerability (also known as "Smack TLS") came to light when researchers analysed TLS client/server implementations and found a curious bug. In these implementations, if the client never even asks to use weak export cryptography but the server responds with export keys anyway, the client says "Oh well" and switches to the weak cipher suite.

At the time, export cryptography was widely considered obsolete and off-limits, so the attack came as a complete shock and affected many important domains, including White House, IRS and NSA sites. Worse, it turned out that many vulnerable servers were optimising performance by reusing the same keys instead of generating fresh ones for each session. This made it possible, after the protocol downgrade, to mount a precomputation attack: cracking one key remained relatively expensive ($100 and 12 hours at the time of publication), but the practical cost of attacking a connection dropped dramatically. It is enough to crack the server's key once to break the encryption of every subsequent connection from then on.
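A constructed model of the negotiation logic behind FREAK, added here as an illustration and not taken from the article or from any TLS library: a client that offers only strong suites, an on-path tamperer that rewrites the offer to export-only, a server that reuses its temporary export key, and the client-side check (chosen suite must be one the client actually offered) that closes the bug. The cipher suite names are real TLS identifiers; no cryptography is performed, only the negotiation is modelled.

```python
STRONG_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
EXPORT_SUITES = [  # 512-bit RSA key exchange and 40-bit symmetric ciphers
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
]


class Server:
    """Server that still has export suites compiled in and, like many of the
    vulnerable servers, reuses one temporary export RSA key across sessions."""

    def __init__(self, reuse_export_key=True):
        self.supported = STRONG_SUITES + EXPORT_SUITES
        self.reuse_export_key = reuse_export_key
        self.keys_generated = 0
        self._cached_export_key = None

    def choose_suite(self, offered):
        # Honour the client's preference order among the suites the server supports.
        for suite in offered:
            if suite in self.supported:
                return suite
        raise ValueError("handshake failure: no common cipher suite")

    def export_key(self):
        """Temporary 512-bit RSA key, modelled as an id; fresh per session unless reused."""
        if self.reuse_export_key and self._cached_export_key is not None:
            return self._cached_export_key
        self.keys_generated += 1
        self._cached_export_key = f"export-rsa-512-key-{self.keys_generated}"
        return self._cached_export_key


def client_hello():
    """A modern client offers only strong suites."""
    return list(STRONG_SUITES)


def tamper_to_export_only(offered):
    """On-path attacker rewrites the ClientHello so only export suites remain."""
    return list(EXPORT_SUITES)


def client_accepts(offered, chosen, check_against_offer):
    """check_against_offer=False reproduces the FREAK bug: the legacy code path can
    still run an export suite, so the client accepts one it never offered."""
    if chosen not in STRONG_SUITES + EXPORT_SUITES:
        return False
    if check_against_offer and chosen not in offered:
        return False  # the fix: a suite we did not offer is a protocol violation
    return True


def handshake(server, tamper=None, check_against_offer=True):
    """Returns (chosen suite, export key id or None, client accepted?)."""
    offered = client_hello()
    on_wire = tamper(offered) if tamper else offered
    chosen = server.choose_suite(on_wire)
    key = server.export_key() if chosen in EXPORT_SUITES else None
    return chosen, key, client_accepts(offered, chosen, check_against_offer)
```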

And before we move on, there is one more advanced attack that needs to be mentioned...

Oracle attacks

Moxie Marlinspike is best known as the father of a cross-platform encrypted messaging app; but we personally like one of his lesser-known innovations, the Cryptographic Doom Principle. To paraphrase slightly: "If a protocol performs any cryptographic operation on a message from a potentially malicious source and behaves differently depending on the result, it is doomed." Or in sharper form: "Don't take information from the enemy for processing, and if you must, at least don't show the result."

Let us set aside buffer overflows, command injection and the like; they are beyond the scope of this discussion. Violating the "doom principle" leads to serious cryptographic breaks precisely because the protocol behaves exactly as it is supposed to.

As an example, let us take a contrived design with a vulnerable substitution cipher and then demonstrate a possible attack. Although we have already seen an attack on the substitution cipher using frequency analysis, this is not just "another way to break the same cipher". On the contrary, oracle attacks are a much more modern invention, applicable in many situations where frequency analysis fails, and we will see a demonstration of this in the next section. The simple cipher is chosen here only to make the example clearer.

So Alice and Bob communicate using a simple substitution cipher with a key known only to them. They are very strict about message length: exactly 20 characters. So they agreed that whoever wants to send a shorter message must append dummy text to the end of it to make it exactly 20 characters. After some discussion, they decided to accept only the following dummy texts: a, bb, ccc, dddd, and so on. Thus the dummy text of any required length is known in advance.

When Alice or Bob receives a message, they first check that it has the correct length (20 characters) and that the suffix is valid dummy text. If not, they reply with the corresponding error message. If the length and the dummy text are fine, the recipient reads the message itself and sends an encrypted reply.

During the attack, the attacker impersonates Bob and sends fake messages to Alice. The messages are complete nonsense: the attacker does not have the key and therefore cannot forge a meaningful message. But because the protocol violates the doom principle, the attacker can still trick Alice into revealing key information, as shown below.

Attacker: PREWF ZHJKL MMMN. LA

Alice: Invalid dummy text.

Attacker: PREWF ZHJKL MMMN. LB

Alice: Invalid dummy text.

Attacker: PREWF ZHJKL MMMN. LC

Alice: ILCT? TLCT RUWO PUT KCAW CPS OWPOW!

The attacker does not know what Alice said, but notes that the symbol C must correspond to a, since Alice accepted the dummy text.

Attacker: REWF ZHJKL MMMN. LAA

Alice: Invalid dummy text.

Attacker: REWF ZHJKL MMMN. LBB

Alice: Invalid dummy text.

After many attempts...

Attacker: REWF ZHJKL MMMN. LGG

Alice: Invalid dummy text.

Attacker: REWF ZHJKL MMMN. LHH

Alice: TLQO JWCRO FQAW SUY LCR C OWQXYJW. IW PWWR TU TCFA CHUYT TLQO JWFCTQUPOLQZ.

Again, the attacker does not know what Alice just said, but notes that H must correspond to b, since Alice accepted the dummy text.

And so on, until the attacker knows the meaning of every character.

At first glance this method resembles a chosen-ciphertext attack. After all, the attacker chooses the ciphertexts and the server obediently processes them. The key difference, which makes this attack practical in the real world, is that the attacker does not need access to the actual decryption: the server's response, even one as innocent as "Invalid dummy text", is enough.

Instructive as this attack is, don't fixate on the details of the "dummy text" scheme, the particular cryptosystem used, or the exact sequence of messages the attacker sends. The basic idea is that Alice reacts differently depending on properties of the plaintext, and does so without verifying that the corresponding ciphertext actually came from a trusted party. Thus Alice lets the attacker squeeze secret information out of her responses.
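The Alice scenario above as a runnable simulation, added here and not part of the original article: a constructed substitution key, the 20-character messages with a/bb/ccc dummy text, an Alice who decrypts first and then reports a padding error, the attacker's query loop that recovers the table from her answers, and a hardened Alice who authenticates each message with an HMAC (constructed key) before decrypting and gives one uniform refusal, so the same attacker learns nothing. The dummy-text rule is made precise here as "the last letter says how long the dummy text is", which mirrors the last byte of PKCS#7 padding.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_lowercase
MSG_LEN = 20
ERROR = "Invalid dummy text."

# Constructed substitution key (plaintext letter -> cipher letter). The attacker
# never reads it; the attacker only ever talks to Alice.
KEY = dict(zip(ALPHABET, "qwertyuiopasdfghjklzxcvbnm"))


def encrypt(plain, key):
    return "".join(key[ch] for ch in plain)


def decrypt(cipher, key):
    inverse = {c: p for p, c in key.items()}
    return "".join(inverse[ch] for ch in cipher)


def pad(msg):
    """Fill to MSG_LEN with the agreed dummy text: k copies of the k-th letter."""
    k = MSG_LEN - len(msg)
    if not 1 <= k < MSG_LEN:
        raise ValueError("message must leave room for 1..19 dummy letters")
    return msg + ALPHABET[k - 1] * k


def valid_padding(plain):
    """The last letter states the dummy-text length (a=1, b=2, ...), and every
    letter of that suffix must be the same."""
    k = ALPHABET.index(plain[-1]) + 1
    return k < MSG_LEN and plain.endswith(plain[-1] * k)


def alice_leaky(ciphertext):
    """Alice as in the article: decrypt first, then complain about the padding.
    The distinguishable answers are the oracle."""
    if len(ciphertext) != MSG_LEN:
        return "Invalid length."
    if not valid_padding(decrypt(ciphertext, KEY)):
        return ERROR
    return encrypt(pad("ok"), KEY)  # an encrypted reply; its content is irrelevant


def recover_table(oracle, rejection=ERROR):
    """Attacker's side. For dummy length k, put the same cipher letter c in the
    last k positions; Alice accepts exactly when c decrypts to the k-th letter.
    Lengths are tried in ascending order and letters already learned are skipped,
    so a shorter valid dummy text hiding inside a longer probe cannot mislead us,
    and the filler letter differs from c so it can never extend the run."""
    learned = {}  # cipher letter -> plaintext letter
    for k in range(1, MSG_LEN):
        for c in ALPHABET:
            if c in learned:
                continue
            filler = "a" if c != "a" else "b"
            probe = filler * (MSG_LEN - k) + c * k
            if oracle(probe) != rejection:
                learned[c] = ALPHABET[k - 1]
                break
    return learned


# Mitigation (added here, not part of the article's scenario): authenticate the
# ciphertext before touching it and answer every failure identically.
MAC_KEY = b"constructed-demo-mac-key"


def tag(ciphertext):
    return hmac.new(MAC_KEY, ciphertext.encode(), hashlib.sha256).hexdigest()


def alice_hardened(ciphertext, received_tag):
    if len(ciphertext) != MSG_LEN or not hmac.compare_digest(tag(ciphertext), received_tag):
        return "Rejected."  # forged input is never decrypted at all
    if not valid_padding(decrypt(ciphertext, KEY)):
        return "Rejected."  # same answer, so nothing about the padding leaks
    return encrypt(pad("ok"), KEY)


def attack_hardened():
    """The same attacker, who cannot produce valid tags, learns nothing."""
    return recover_table(lambda probe: alice_hardened(probe, "0" * 64), rejection="Rejected.")
```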

Kuningi okungashintshwa kulesi simo. Izimpawu u-Alice asabela kuzo, noma umehluko ekuziphatheni kwakhe, noma ngisho ne-cryptosystem esetshenzisiwe. Kodwa isimiso siyohlala sinjalo, futhi ukuhlasela sekukonke kuzohlala kusebenza ngendlela eyodwa noma enye. Ukuqaliswa okuyisisekelo kwalokhu kuhlasela kusize embuleni iziphazamisi zokuphepha ezimbalwa, esizozibheka maduze; kodwa okokuqala kunezifundo zethiyori okufanele zifundwe. Ungayisebenzisa kanjani le "script Alice" eqanjiwe ekuhlaselweni okungasebenza ku-cipher yangempela yesimanje? Ingabe lokhu kungenzeka, ngisho nasemcabangweni?

In 1998, Swiss cryptographer Daniel Bleichenbacher answered this question in the affirmative. He demonstrated an oracle attack on the widely used public-key cryptosystem RSA when it is used with a particular message padding scheme (PKCS #1 v1.5). In some RSA implementations the server replies with different error messages depending on whether the plaintext matches the scheme or not; that was enough to mount the attack.

Four years later, in 2002, French cryptographer Serge Vaudenay demonstrated an oracle attack almost identical to the one described in the Alice scenario above, except that instead of a made-up cipher he broke a whole respectable class of modern ciphers that people actually use. Specifically, Vaudenay's attack targets fixed-input-size ciphers ("block ciphers") when they are used in what is called "CBC encryption mode" together with a certain popular padding scheme, which is essentially equivalent to the one in the Alice scenario.

Also in 2002, American cryptographer John Kelsey, co-author of Twofish, proposed various oracle attacks on systems that compress messages and then encrypt them. The most notable of these was an attack exploiting the fact that it is often possible to determine the original length of the plaintext from the length of the ciphertext. In theory, this allows an oracle attack that recovers parts of the original plaintext.

Below we give a more detailed description of the Vaudenay and Kelsey attacks (we'll give a detailed description of Bleichenbacher's attack when we get to attacks on public-key cryptography). Despite our best efforts, the text gets somewhat technical; so if the above is enough for you, skip the next two sections.

Vaudenay's attack

To understand Vaudenay's attack, we first need to talk more about block ciphers and encryption modes. A "block cipher" is, as the name says, a cipher that takes a key and an input of some fixed length (the "block length") and produces an encrypted block of the same length. Block ciphers are widely used and considered relatively secure. The now-retired DES, considered the first modern cipher, was a block cipher. As mentioned above, the same is true of AES, which is widely used today.

Unfortunately, block ciphers have one glaring weakness. The typical block size is 128 bits, or 16 bytes. Obviously, modern cryptography needs to handle larger inputs, and this is where modes of operation come in. A mode of operation is essentially a hack: it's a way of somehow applying a block cipher, which accepts inputs of only one size, to inputs of arbitrary length.

Vaudenay's attack focuses on the popular CBC (Cipher Block Chaining) mode of operation. The attack treats the underlying block cipher as a magical, impenetrable black box and bypasses its security entirely.

Here is a diagram showing how CBC mode works:

[Figure: CBC mode encryption]

[Figure: CBC mode decryption]

The circled plus denotes the XOR (exclusive OR) operation. For example, the second ciphertext block is obtained:

  1. By XORing the second plaintext block with the first ciphertext block.
  2. By encrypting the resulting block with the block cipher using the key.

Since CBC leans so heavily on the binary XOR operation, let's take a moment to recall some of its properties (writing $A$, $B$, $C$ for arbitrary byte strings of equal length):

  • Identity: $A \oplus 0 = A$
  • Commutativity: $A \oplus B = B \oplus A$
  • Associativity: $A \oplus (B \oplus C) = (A \oplus B) \oplus C$
  • Self-inverse: $A \oplus A = 0$
  • Byte-wise: byte $n$ of $(A \oplus B)$ = (byte $n$ of $A$) $\oplus$ (byte $n$ of $B$)

Taken together, these properties mean that an equation involving XOR and one unknown can be solved. For example, if we know that $A \oplus X = B$ with unknown $X$ and known $A$ and $B$, we can rely on the properties above to solve the equation for $X$. XORing both sides with $A$, we get $X = A \oplus B$. All of this will become very relevant in a moment.

There are two minor differences and one major difference between our Alice scenario and Vaudenay's attack. The two minor ones:

  • In the script, Alice expected plaintexts to end in the characters a, bb, ccc and so on. In Vaudenay's attack, the victim instead expects plaintexts to end in the byte N repeated N times (that is, hexadecimal 01, or 02 02, or 03 03 03, and so on; this is the PKCS #7 padding scheme). This is a purely cosmetic difference.
  • In Alice's script, it was easy to tell whether Alice accepted the message by the reply "Invalid dummy text". In Vaudenay's attack, more analysis is needed, and the exact implementation on the victim's side matters (in practice the tell is often a distinct error message, or a timing difference between the padding check failing and the MAC check failing); but for brevity, let's take it as given that this analysis is possible.

The major difference:

  • Since we're not using the same cryptosystem, the relationship between the attacker-controlled ciphertext bytes and the secrets (the key and the plaintext) will obviously be different. So the attacker will need a different strategy when crafting ciphertexts and interpreting the server's responses.

This major difference is the last piece of the puzzle in understanding Vaudenay's attack, so let's take a moment to think about why and how an oracle attack on CBC can be mounted in the first place.

Suppose we're given a CBC ciphertext of 247 blocks and want to decrypt it. We can send bogus messages to the server, just as we could send bogus messages to Alice earlier. The server will decrypt the messages for us but won't reveal the decryption; instead, again like Alice, the server reports only one bit of information: whether the plaintext has valid padding or not.

Consider that in Alice's scenario we had the relationship:

$$\text{SIMPLE\_SUBSTITUTION}(\text{ciphertext}, \text{key}) = \text{plaintext}$$

Let's call this "Alice's equation". We controlled the ciphertext; the server (Alice) leaked vague information about the resulting plaintext; and this let us deduce information about the last term, the key. By analogy, if we can find such a relationship for the CBC script, we might be able to extract secret information there too.

Fortunately, there really is a relationship we can exploit. Consider the output of the final call to the block cipher's decryption and denote this output $W$. Also denote the plaintext blocks $P_1, \dots, P_{247}$ and the ciphertext blocks $C_1, \dots, C_{247}$. Look again at the CBC diagram and note what happens:

$$W \oplus C_{246} = P_{247}$$

Let's call this "the CBC equation".

In Alice's scenario, by controlling the ciphertext and observing the leak about the corresponding plaintext, we could mount an attack that recovered the third term of the equation, the key. In the CBC scenario we likewise control the ciphertext and observe information leaking about the corresponding plaintext. If the analogy holds, we can get information about $W$.

Suppose we really did recover $W$; what then? Well, we could then print the entire last plaintext block at once ($P_{247}$) by simply plugging $C_{246}$ (which we have) and the recovered $W$ into the CBC equation.

Now that we're optimistic about the overall attack plan, it's time to work out the details. Pay close attention to exactly how plaintext information leaks from the server. In Alice's script, the leak happened because Alice would only reply with the right message if $\text{SIMPLE\_SUBSTITUTION}(\text{ciphertext}, \text{key})$ ended in the character a (or bb, etc., but the chance of triggering those by accident was very small). Similarly with CBC, the server accepts the padding if and only if $P_{247}$ ends in hexadecimal 01 (or in 02 02, and so on, which is again unlikely by chance; a careful implementation of the attack rules it out with one extra query). So let's try the same trick: send bogus ciphertexts with our own forged values for the preceding block, call them $C'_{246}$, until the server accepts the padding.

If the server accepts the padding for one of our bogus messages, that means:

$$\text{last byte of } (C'_{246} \oplus W) = \texttt{01}$$

Now we apply the byte-wise XOR property:

$$\text{last byte of } C'_{246} \;\oplus\; \text{last byte of } W = \texttt{01}$$

We know the first and third terms. And we've already seen that this lets us recover the remaining term, the last byte of $W$:

$$\text{last byte of } W = \text{last byte of } C'_{246} \;\oplus\; \texttt{01}$$

This also gives us the last byte of the last plaintext block, via the CBC equation and the byte-wise property: the last byte of $P_{247}$ is the last byte of $C_{246}$ XORed with the last byte of $W$.

We could leave it there and be satisfied that we've mounted an attack on a theoretically strong cipher. But in fact we can do much more: we can recover the whole text. This requires a trick that wasn't in the original Alice script and that isn't required for an oracle attack in general, but is still worth learning.

To understand it, first note that, having extracted the correct value of the last byte of $W$, we have a new ability. Now, when forging ciphertexts, we can control the last byte of the corresponding plaintext. Again, this follows from the CBC equation and the byte-wise property:

$$\text{last byte of } C'_{246} \;\oplus\; \text{last byte of } W = \text{last byte of } P'_{247}$$

Since we now know the second term, we can use our control over the first to control the third. We simply compute:

$$\text{last byte of } C'_{246} = \text{desired last byte of } P'_{247} \;\oplus\; \text{last byte of } W$$

We couldn't do this before because we didn't yet have the last byte of $W$.

How does this help? Suppose we now craft all our ciphertexts so that the last byte of the corresponding plaintext is 02. The server now accepts the padding only if the plaintext ends in 02 02. Since we've fixed the last byte, this happens only if the penultimate plaintext byte is also 02. We keep sending bogus ciphertext blocks, varying the penultimate byte, until the server accepts the padding for one of them. At that point we get:

$$\text{penultimate byte of } C'_{246} \;\oplus\; \text{penultimate byte of } W = \texttt{02}$$

And we recover the penultimate byte of $W$ just as the last one was recovered. We continue in the same spirit: we fix the last two plaintext bytes to 03 03, repeat the attack for the third byte from the end, and so on, eventually recovering $W$ in full.

What about the rest of the text? Note that the value $W$ is actually $\text{BLOCK\_DECRYPT}(\text{key}, C_{247})$. We can put any other block in place of $C_{247}$, and the attack will still succeed. In effect, we can ask the server to perform $\text{BLOCK\_DECRYPT}$ on any data we like. At this point the game is over: we can decrypt any ciphertext (look again at the CBC decryption diagram to see this; and note that the IV is public).
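The whole procedure above, as an added worked example that is not part of the original article: a Python implementation of Vaudenay's attack against a victim we construct ourselves. The block cipher is a toy Feistel network built from SHA-256 (a stand-in for AES; the attack never looks inside it, exactly as the text says), the padding is the N-bytes-of-value-N scheme, and the server, like Alice, answers only whether the padding was valid. All names (PaddingOracle, recover_block_decrypt, padding_oracle_attack) and the sample plaintext are ours. The code also handles the edge case the text mentions in passing: an accidental 02 02 ending that would make the server accept the wrong last-byte guess.

```python
# Added example (not from the original article): Vaudenay's CBC padding-oracle
# attack, with the victim built from a toy block cipher so it runs offline.
import hashlib
import os

BLOCK = 16
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(half: bytes, key: bytes, rnd: int) -> bytes:
    # Keyed round function: truncated SHA-256. A stand-in, not a real cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit block cipher (balanced Feistel network); the attack treats it as a black box."""
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(right, key, rnd))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(left, key, rnd)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # N bytes of value N, N in 1..16
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if len(data) % BLOCK or not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")     # this exception is the entire leak
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    padded, prev, out = pkcs7_pad(plaintext), iv, b""
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)   # P_i = BLOCK_DECRYPT(key, C_i) xor C_{i-1}
        prev = cur
    return pkcs7_unpad(out)


class PaddingOracle:
    """The victim. Like Alice, it answers only 'valid padding?' and never shows the plaintext."""

    def __init__(self, key: bytes):
        self._key = key
        self.queries = 0

    def __call__(self, iv: bytes, ciphertext: bytes) -> bool:
        self.queries += 1
        try:
            cbc_decrypt(self._key, iv, ciphertext)
            return True
        except ValueError:
            return False


def recover_block_decrypt(oracle: PaddingOracle, target: bytes) -> bytes:
    """Recover W = BLOCK_DECRYPT(key, target) byte by byte, last byte first.

    We send (forged_prev, target); the server computes forged_prev xor W and checks
    the padding, so choosing forged_prev lets us choose the plaintext it sees."""
    w = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos                        # we want the plaintext to end in `pad` bytes of value `pad`
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):
            forged[j] = w[j] ^ pad               # bytes of W already known: force those plaintext bytes to `pad`
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged), target):
                continue
            if pos == BLOCK - 1:
                # Edge case: the server also accepts an accidental 02 02 (or 03 03 03 ...)
                # ending. Disturb the byte before it: a true 01 ending survives, a longer run does not.
                forged[pos - 1] ^= 0xFF
                still_ok = oracle(bytes(forged), target)
                forged[pos - 1] ^= 0xFF
                if not still_ok:
                    continue
            w[pos] = guess ^ pad                 # byte of C' xor byte of W = pad
            break
        else:
            raise RuntimeError("no guess accepted: the server is not acting as a padding oracle")
    return bytes(w)


def padding_oracle_attack(oracle: PaddingOracle, iv: bytes, ciphertext: bytes) -> bytes:
    """Decrypt a whole CBC ciphertext with no key: each block needs only its predecessor and the oracle."""
    prev, plaintext = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        plaintext += _xor(recover_block_decrypt(oracle, cur), prev)   # the CBC equation, P_i = W_i xor C_{i-1}
        prev = cur
    return pkcs7_unpad(plaintext)


if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(16)                  # the attacker never sees the key
    secret = b"attack at dawn; the padding oracle will tell"  # constructed sample plaintext
    oracle = PaddingOracle(key)
    print(padding_oracle_attack(oracle, iv, cbc_encrypt(key, iv, secret)), oracle.queries)
```

Each plaintext byte costs at most 256 queries (plus one confirmation query for the last byte of each block), so a three-block message falls in under 13,000 oracle calls, and the only thing the attacker ever learns from the server is a yes/no answer. The SSLv3 variant used by POODLE differs only in the padding check, which inspects just the final byte, so the same loop recovers one byte per block and then stalls, as the text describes later.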

This particular trick plays an important role in the oracle attacks we'll meet later.

Kelsey's attack

Our congenial John Kelsey laid out the principles underlying many possible attacks, not just the details of one attack on one cipher. His 2002 paper is a survey of possible attacks on data that is compressed and then encrypted. Would you have thought that knowing merely that the data was compressed before encryption is not enough to mount an attack? It turns out it is enough.

This surprising result rests on two principles. First, there is a strong correlation between the length of the plaintext and the length of the ciphertext; for many ciphers the two are exactly equal. Second, when compression is used, there is also a strong correlation between the length of the compressed message and the "noisiness" of the plaintext, that is, the proportion of non-repeating characters (the technical term is "high entropy").

To see the principle in action, consider two plaintexts:

Plaintext 1: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Plaintext 2: ATVXCAGTRSVPTVVULSJQHGEYCMQPCRQBGCYIXCFJGJ

Suppose both plaintexts are compressed and then encrypted. You are given the two resulting ciphertexts and have to guess which ciphertext corresponds to which plaintext:

Ciphertext 1: PVOVEYBPJDPVANEAWVGCIUWAABCIYIKOOURMYDTA

Ciphertext 2: DWKJZXYU

The answer is obvious. Of the two plaintexts, only plaintext 1 could be compressed down to the meagre length of the second ciphertext. We worked this out without knowing anything about the compression algorithm, the encryption key, or even the cipher itself. Compared with the hierarchy of possible cryptographic attacks, this is kind of crazy.

Kelsey goes on to show that under certain unusual conditions this principle can also be used to mount an oracle attack. Specifically, he describes how an attacker can recover a secret plaintext if he can force the server to encrypt data of the form (plaintext followed by $X$) while controlling $X$, and can somehow observe the length of the encrypted result.

Again, as in the other oracle attacks, we have a relationship:

$$\text{ENCRYPT}(\text{COMPRESS}(\text{plaintext} \,\|\, X)) = \text{ciphertext}$$

Again, we control one term ($X$), observe a small leak about another term (the ciphertext, namely its length) and try to recover the last one (the plaintext). Despite the analogy, this is a somewhat unusual situation compared with the other oracle attacks we've seen.

To illustrate how such an attack might work, let's use a made-up compression scheme we just came up with: TOYZIP. It looks for strings of text that appeared earlier in the text and replaces them with three placeholder bytes that indicate where the earlier occurrence of the string can be found and how long it is. For example, the string helloworldhello could be compressed to helloworld[00][00][05], 13 bytes long compared with the original 15.

Suppose an attacker is trying to recover a plaintext of the form password=..., where the password itself is unknown. According to Kelsey's attack model, the attacker can ask the server to compress and then encrypt messages of the form (plaintext followed by $X$), where $X$ is free text. Once the server is done, it reports the length of the result. The attack goes like this:

Cracker: Please compress and encrypt the plaintext without any suffix.

Server: Result length 14.

Cracker: Please compress and encrypt the plaintext with password=a appended.

Server: Result length 18.

Cracker notes: [original 14] + [three bytes that replaced password=] + a

Cracker: Please compress and encrypt the plaintext with password=b appended.

Server: Result length 18.

Cracker: Please compress and encrypt the plaintext with password=c appended.

Server: Result length 17.

Cracker notes: [original 14] + [three bytes that replaced password=c]. This implies that the original plaintext contains the string password=c. In other words, the password starts with the letter c.

Cracker: Please compress and encrypt the plaintext with password=ca appended.

Server: Result length 18.

Cracker notes: [original 14] + [three bytes that replaced password=c] + a

Cracker: Please compress and encrypt the plaintext with password=cb appended.

Server: Result length 18.

(... some time later ...)

Cracker: Please compress and encrypt the plaintext with password=co appended.

Server: Result length 17.

Cracker notes: [original 14] + [three bytes that replaced password=co]. By the same reasoning, the attacker concludes that the password starts with the letters co.

And so on, until the whole password is recovered.
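The exchange above, as an added worked example that is not part of the original article: a Python rendering of the TOYZIP idea (the 0xFF marker byte and the escape for a literal 0xFF are our choices, since the article does not specify how tokens are told apart from literals), a server that compresses, encrypts with a length-preserving stream cipher and reports only the ciphertext length, and the byte-by-byte recovery. The secret password=cobalt, the class and function names, and the lowercase guessing alphabet are all ours. It goes slightly beyond the exchange in that it also handles the stopping condition: a tie among the guesses.

```python
# Added example (not from the original article): Kelsey's compression-oracle
# attack against a TOYZIP-style compressor followed by length-preserving encryption.
import hashlib
import os
import string

MARKER = 0xFF     # our choice for a token's first byte; the article leaves it unspecified
MIN_MATCH = 4     # a 3-byte token only saves space for repeats of 4+ bytes


def toyzip_compress(data: bytes) -> bytes:
    """Replace a repeat of earlier text with [MARKER, position, length]. Inputs under 256 bytes."""
    out, i = bytearray(), 0
    while i < len(data):
        best_len = best_pos = 0
        for j in range(i):                       # longest earlier, non-overlapping match
            n = 0
            while i + n < len(data) and j + n < i and data[j + n] == data[i + n] and n < 255:
                n += 1
            if n > best_len:
                best_len, best_pos = n, j
        if best_len >= MIN_MATCH:
            out += bytes([MARKER, best_pos, best_len])
            i += best_len
        else:                                    # literal; a literal MARKER byte is escaped as [MARKER, 0, 0]
            out += bytes([MARKER, 0, 0]) if data[i] == MARKER else bytes([data[i]])
            i += 1
    return bytes(out)


def toyzip_decompress(data: bytes) -> bytes:
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == MARKER:
            pos, n = data[i + 1], data[i + 2]
            out += bytes([MARKER]) if n == 0 else bytes(out[pos:pos + n])
            i += 3
        else:
            out.append(data[i])
            i += 1
    return bytes(out)


class CompressThenEncryptServer:
    """The victim: compresses (secret || attacker text), encrypts it with a
    length-preserving stream cipher, and lets the attacker see only the length."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._key = os.urandom(16)              # the attack never needs or learns it

    def _keystream(self, n: int) -> bytes:
        ks = b""
        for ctr in range(0, n, 32):
            ks += hashlib.sha256(self._key + ctr.to_bytes(4, "big")).digest()
        return ks[:n]

    def encrypted_length(self, attacker_text: bytes) -> int:
        body = toyzip_compress(self._secret + attacker_text)
        ciphertext = bytes(b ^ k for b, k in zip(body, self._keystream(len(body))))
        return len(ciphertext)                  # equals the compressed length: the leak


def recover_secret(server: CompressThenEncryptServer, known_prefix: bytes,
                   alphabet: bytes = string.ascii_lowercase.encode(), max_len: int = 32) -> bytes:
    """Byte by byte: the guess that extends the repeat compresses one byte better than the rest."""
    recovered = b""
    for _ in range(max_len):
        lengths = {c: server.encrypted_length(known_prefix + recovered + bytes([c])) for c in alphabet}
        shortest = min(lengths.values())
        winners = [c for c, n in lengths.items() if n == shortest]
        if len(winners) != 1:
            break   # a tie: the secret is exhausted, or its next byte is outside our alphabet
        recovered += bytes(winners)
    return recovered


if __name__ == "__main__":
    server = CompressThenEncryptServer(b"password=cobalt")   # constructed secret
    print(recover_secret(server, b"password="))
```

The tie rule is what the exchange glosses over: once no guess shortens the output, either the secret has ended or its next byte is not in the guessed alphabet, and the attacker must widen the alphabet rather than keep guessing. Real DEFLATE adds Huffman coding on top of the back-references, so ciphertext lengths do not move by exactly one byte per matched character, and CRIME-style exploits need extra padding tricks to break such ties.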

The reader could be forgiven for thinking this is a purely academic exercise and that such an attack scenario would never arise in the real world. Alas, as we'll see shortly, it's unwise to write it off.

Real-world vulnerabilities: CRIME, POODLE, DROWN

Finally, after studying the theory in detail, we can see how these techniques are used in real cryptographic attacks.

CRIME

When the attack targets the victim's browser and network, some things are easier and some much harder. For example, seeing the victim's traffic is easy: just sit in the same café on the same WiFi. For this reason, potential victims (that is, everyone) are generally advised to use an encrypted connection. It's harder, but still possible, to make HTTP requests on the victim's behalf to some third-party site (for example, Google). The attacker must lure the victim to a malicious web page containing a script that makes the request. The web browser will automatically attach the corresponding session cookie.

This seems amazing. If Bob visits evil.com, can a script on that site simply ask Google to email Bob's password to [email protected]? Well, in theory yes, but in practice no. This scenario is called a cross-site request forgery (CSRF) attack, and it was popular in the mid-90s. Today, if evil.com tries this trick, Google (or any self-respecting website) will usually respond with: "Great, but your CSRF token for this transaction will be... three trillion and seven. Please repeat this number." Modern browsers have something called the "same-origin policy", whereby scripts on site A cannot access information sent by website B. So a script on evil.com can send requests to google.com, but cannot read the responses or actually complete the transaction.

We must stress that unless Bob uses an encrypted connection, all these protections are meaningless. The attacker can simply read Bob's traffic and recover the Google session cookie. With this cookie he just opens a new Google tab in his own browser and impersonates Bob without bumping into any pesky same-origin policy. But, unfortunately for the cracker, this is becoming less and less common. The internet as a whole declared war on unencrypted connections long ago, and Bob's outgoing traffic is probably encrypted whether he likes it or not. Moreover, since the early days of the protocol, traffic was also compressed before encryption; this was common practice to reduce latency.

This is where CRIME (Compression Ratio Info-leak Made Easy) comes in. The vulnerability was disclosed in September 2012 by security researchers Juliano Rizzo and Thai Duong. We've already examined the whole theoretical basis, which lets us understand what they did and how. The attacker can force Bob's browser to send requests to Google and then listen to the requests on the local network in compressed, encrypted form. So we have:

$$\text{ENCRYPT}(\text{COMPRESS}(\text{attacker-controlled request} \,\|\, \text{secret session cookie}))$$

Here the attacker controls the request and has access to a traffic sniffer, including packet sizes. Kelsey's fictional scenario has come to life.

Understanding the theory, the CRIME authors built an exploit that steals session cookies for a wide range of sites, including Gmail, Twitter, Dropbox and GitHub. The vulnerability affected most modern web browsers, leading to patches that quietly buried the SSL compression feature so that it is no longer used at all. The only browser immune to the vulnerability was the venerable Internet Explorer, which never used SSL compression at all.

POODLE

In October 2014, Google's security team made waves in the security community. They managed to exploit a vulnerability in the SSL protocol that had been patched more than a decade earlier.

It turns out that while servers were running the shiny new TLSv1.2, many kept legacy SSLv3 support for backward compatibility with Internet Explorer 6. We've already talked about downgrade attacks, so you can imagine what happens next. A well-orchestrated sabotage of the handshake protocol, and servers are ready to fall back to good old SSLv3, effectively undoing the last 15 years of security research.

For historical context, here is a brief summary of SSL's history up to version 2 from Matthew Green:

Transport Layer Security (TLS) is the most important security protocol on the Internet. [..] nearly everything you do on the Internet depends on TLS. [..] But TLS wasn't always TLS. The protocol began its life at Netscape Communications under the name "Secure Sockets Layer", or SSL. Rumour has it that the first version of SSL was so terrible that the developers collected all the printouts of the code and buried them in a secret landfill in New Mexico. As a result, the first publicly available version of SSL is actually SSL version 2. It's pretty terrible, and [..] it was a product of the mid-90s, which modern cryptographers regard as the "dark ages of cryptography". Most of the nastiest cryptographic attacks we know of today had not yet been discovered. As a result, the developers of the SSLv2 protocol were essentially left to feel their way in the dark, and they ran into many terrible monsters, to their chagrin and to our benefit, since the attacks on SSLv2 left valuable lessons for the next generation of protocols.

After these events, in 1996, a frustrated Netscape redesigned the SSL protocol from scratch. The result was SSL version 3, which fixed several known security problems of its predecessor.

Fortunately for crackers, "several" doesn't mean "all". Overall, SSLv3 provided all the building blocks needed to mount Vaudenay's attack. The protocol used a block cipher in CBC mode and an insecure padding scheme (this was fixed in TLS; hence the need for the downgrade attack). If you recall the padding scheme from our original description of Vaudenay's attack, the SSLv3 scheme is very similar.

But, unfortunately for the crackers, "similar" doesn't mean "the same". The SSLv3 padding scheme is "N arbitrary bytes followed by the number N". Try, under these conditions, to pick a hypothetical ciphertext block and go through all the steps of Vaudenay's original scheme: you'll find that the attack successfully extracts the last byte of the corresponding plaintext block but gets no further, because the server never checks the other padding bytes. Decrypting every 16th byte of the ciphertext is a nice trick, but not a victory.

Faced with this failure, the Google team resorted to a last resort: they switched to a much stronger threat model, the one used in CRIME. If we assume the attacker is a script running in a tab of the victim's browser and can exfiltrate session cookies, the attack is still impressive. Although the broader threat model is less realistic, we saw in the previous section that this particular model is feasible.

Given these stronger attacker powers, the attack can now proceed. Note that the attacker knows where in the header the encrypted session cookie appears and controls the length of the HTTP request preceding it. So he can manipulate the HTTP request so that the last byte of the cookie lines up with the end of a block. Now that byte is ready for decryption. Next, he simply adds one character to the request, and the penultimate byte of the cookie sits in the same position and is ready for picking by the same method. The attack continues in this manner until the cookie is fully recovered. (In the actual exploit, the attacker copies the target block over the final padding block of the record; the server accepts the result only when the last decrypted byte happens to equal the padding length, that is, with probability 1/256 per attempt, so each cookie byte costs about 256 requests on average.) It's called POODLE: Padding Oracle On Downgraded Legacy Encryption.

DROWN

As we've already said, SSLv3 had its flaws, but it was fundamentally different from its predecessor, since the leaky SSLv2 was the product of a different era. There you could cut a message off in the middle: "I'll agree to this only over my dead body" became "I'll agree to this"; the client and server could meet on the internet, establish trust and exchange secrets in front of an attacker who could easily impersonate either of them. There was also the problem of export-grade cryptography, which we mentioned when discussing FREAK. These were the Sodom and Gomorrah of cryptography.

In March 2016, a team of researchers from various technical fields got together and made a surprising discovery: SSLv2 is still in use in production systems. Yes, attackers can no longer downgrade modern TLS sessions to SSLv2, since that hole was closed after FREAK and POODLE, but they can still connect to servers and initiate SSLv2 sessions themselves.

You might ask, why do we care what they do there? They have a vulnerable session, but it shouldn't affect other sessions or the security of the server, should it? Well, yes: that's how it should be in theory. But no: because obtaining SSL certificates carries a certain burden, many servers reuse the same certificates and, consequently, the same RSA keys for TLS and SSLv2 connections. To make matters worse, due to an OpenSSL bug, the "disable SSLv2" option in this popular SSL implementation didn't actually work.

This made possible a cross-protocol attack on TLS called DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). Recall that this is not the same as a downgrade attack: the attacker does not need to play "man in the middle" and does not need to involve the client in a vulnerable session. The attackers simply initiate a vulnerable SSLv2 session with the server themselves, attack the weak protocol, and recover the server's RSA private key. That key is also valid for TLS connections, and from that point on no amount of TLS security will keep them from being compromised.

But to pull this off, you need a working attack against SSLv2 that lets you recover not just some particular traffic but the server's RSA private key as well. Although this is a demanding setup, the researchers could pick any vulnerability that had been completely closed only after SSLv2. They eventually found a suitable candidate: Bleichenbacher's attack, which we mentioned earlier and which we'll describe in detail in the next article. SSL and TLS are protected against this attack, but some quirks of SSLv2, combined with the short keys of export-grade cryptography, made a specific implementation of DROWN possible.

At the time of publication, 25% of the internet's top sites were affected by the DROWN vulnerability, and the attack could be carried out with modest resources available even to lone mischievous hackers. Recovering the server's RSA key took eight hours of computation and $440, and SSLv2 went from obsolete to radioactive.

Wait, what about Heartbleed?

That's not a cryptographic attack in the sense described above; it's a buffer over-read in OpenSSL's heartbeat handling, a memory-safety bug rather than a weakness of the cryptography.

Let's recap

We started with some basic techniques: brute force, interpolation, downgrade, cross-protocol and precomputation. Then we looked at one advanced technique, perhaps the main component of modern cryptographic attacks: the oracle attack. We spent a long time on it, and understood not only the basic principle but also the technical details of two specific implementations: Vaudenay's attack on the CBC encryption mode and Kelsey's attack on compress-then-encrypt protocols.

In reviewing downgrade and precomputation attacks, we briefly covered the FREAK attack, which uses both techniques by getting target sites to downgrade to weak keys and then reusing those same keys. We'll save the (very similar) Logjam attack, which targets public-key algorithms, for the next article.

We then looked at three more examples of applying these principles. First, CRIME and POODLE: two attacks that relied on the attacker's ability to inject arbitrary plaintext next to the target plaintext, examine the server's responses and then, using the oracle-attack methodology, exploit that sparse information to recover the plaintext piece by piece. CRIME went the route of Kelsey's attack on SSL compression, while POODLE instead used a variant of Vaudenay's attack on CBC to the same effect.

We then turned our attention to the cross-protocol DROWN attack, which establishes a connection to the server using the legacy SSLv2 protocol and then recovers the server's secret keys using Bleichenbacher's attack. We've skipped the technical details of this attack for now; like Logjam, it will have to wait until we have a good understanding of public-key cryptosystems and their vulnerabilities.

In the next article we'll talk about advanced attacks such as meet-in-the-middle, differential cryptanalysis and birthday attacks. Then we'll take a quick detour into side-channel attacks and move on to the fun part: public-key cryptosystems.

Source: www.habr.com
