Linux: removing the /dev/random blocking pool

/dev/random, the kernel's cryptographically secure pseudo-random number generator (CSPRNG), is known to have one annoying problem: blocking. This article describes how that problem is being solved.

A few months ago, the kernel's random-number generation facilities were reworked yet again, but the problems in this subsystem have been resolved only gradually over a long period. Many of the recent changes were made to keep the getrandom() system call from blocking for long periods at system startup, but the underlying cause of that was the blocking behaviour of the random pool. A recent patch set would remove this pool, and it was expected to head into the mainline kernel.

Andy Lutomirski posted the third version of the patch set at the end of December. It makes "two major semantic changes to Linux's random APIs". The patch set adds a new GRND_INSECURE flag to the getrandom() system call (although Lutomirski refers to it as getentropy(), which glibc implements using getrandom() with fixed flags); this flag causes the call to always return the requested amount of data, but without guaranteeing that the data is random. The kernel will simply do its best to produce the best random data it has available at that moment. "Probably the best thing to do is to call it 'INSECURE' to prevent this API from being used for things that need security."

The patches also remove the blocking pool. The kernel currently maintains two pools of random data, one corresponding to /dev/random and the other to /dev/urandom, as described in this 2015 article. The blocking pool is the pool for /dev/random; reads from that device block (hence the name) until "enough" entropy has been collected from the system to satisfy the request. Subsequent reads from that device also block if there is not enough entropy in the pool.

Removing the blocking pool means that reads from /dev/random behave like getrandom() with flags set to zero (and turns the GRND_RANDOM flag into a no-op). Once the cryptographic random-number generator (CRNG) has been initialized, reads from /dev/random and calls to getrandom(..., 0) no longer block and return the requested amount of random data.
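As an added illustration (not code from the article, the patch set or the kernel), the following user-space helper shows how the getrandom() flag semantics just described look to a caller: flags 0 waits only until the CRNG is seeded, GRND_NONBLOCK probes readiness without blocking, and GRND_INSECURE never blocks. The function names, the local flag definitions, and the EINVAL fallback for kernels that predate GRND_INSECURE are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
/* Fixed ABI flag values from <linux/random.h>, defined here so the file builds
 * against older headers. GRND_INSECURE is the flag the patch set introduces. */
#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001
#endif
#ifndef GRND_INSECURE
#define GRND_INSECURE 0x0004
#endif
/* Fill buf with len bytes from getrandom(2); 0 on success, -1 with errno set.
 * Retries EINTR and short reads (only requests of <= 256 bytes are atomic). */
static int getrandom_all(void *buf, size_t len, unsigned flags)
{
    size_t done = 0;
    while (done < len) {
#ifdef SYS_getrandom
        long n = syscall(SYS_getrandom, (char *)buf + done, len - done, flags);
#else
        long n = -1; errno = ENOSYS;   /* not Linux: getrandom does not exist */
#endif
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        done += (size_t)n;
    }
    return 0;
}

/* Never blocks: 1 if the CRNG is seeded, 0 if a flags=0 read would still wait
 * (EAGAIN), -1 if getrandom is unavailable. */
int crng_ready(void)
{
    unsigned char probe;
    if (getrandom_all(&probe, 1, GRND_NONBLOCK) == 0) return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Key material: flags 0 blocks only until the CRNG is seeded, which is also
 * what a read of /dev/random does once the blocking pool is gone. */
int random_bytes_for_key(void *buf, size_t len) { return getrandom_all(buf, len, 0); }

/* Non-security uses (hash seeds, test fixtures): GRND_INSECURE never blocks.
 * Kernels predating the flag reject it with EINVAL; fall back to flags 0 then. */
int random_bytes_insecure(void *buf, size_t len)
{
    if (getrandom_all(buf, len, GRND_INSECURE) == 0) return 0;
    return errno == EINVAL ? getrandom_all(buf, len, 0) : -1;
}
```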

Lutomirski says: "I believe that Linux's blocking pool has outlived its usefulness. Linux's CRNG produces output that is good enough to be used even for key generation. The blocking pool is not stronger in any material sense, and it requires a considerable amount of infrastructure of dubious value to support it."

The changes were made with the goal of ensuring that existing programs would not really be affected; in fact, there should be fewer problems with long waits for things like GnuPG key generation.

"These patches should not break any existing programs. /dev/urandom remains unchanged. /dev/random still blocks right after boot, but it blocks less than before. getentropy() with the existing flags will return output that is, for practical purposes, just as good as before."

Lutomirski noted that it remains an open question whether the kernel should provide so-called "true random numbers", which is what the blocking pool was supposed to do to some degree. He sees only one reason for it: "compliance with government standards". Lutomirski suggested that if the kernel is going to provide this, it should be done through a completely different interface, or it should be moved to user space, letting users obtain raw event samples that could be used to build such a blocking pool.

Stephan Müller suggested that his Linux Random Number Generator (LRNG) patch set (currently at version 26) could be a way to provide true random numbers for the applications that need them. The LRNG "fully complies with the SP800-90B guidelines for entropy sources used to generate random bits", which makes it a solution to the government-standards problem.

Matthew Garrett objected to the term "true random data", noting that the sampled devices can be modelled well enough to become predictable: "we are not sampling quantum events here."

Müller replied that the term comes from the German standard AIS 31 and describes a random-number generator that only produces output "at the same rate as the underlying noise source produces entropy."

Terminology differences aside, having a blocking pool as proposed by the LRNG patches will simply lead to various problems, at least if it is accessible without privileges.

As Lutomirski puts it: "This doesn't solve the problem. If two different users run stupid programs like gnupg, they will just starve each other. I see that there are currently two major problems with /dev/random: it is prone to DoS (i.e. resource exhaustion, malicious influence or something similar), and since no privileges are required to use it, it is also prone to abuse. Gnupg is wrong, full stop. If we add a new unprivileged interface that gnupg and similar programs will use, we lose again."

Müller noted that the addition of getrandom() will now allow GnuPG to use that interface, since it provides the needed assurance that the pool has been initialized. Based on discussions with GnuPG developer Werner Koch, Müller believes that this assurance is the only reason GnuPG currently reads directly from /dev/random. But if there is an unprivileged interface that can be subjected to denial of service (as /dev/random is today), Lutomirski argues, it will be misused by other applications.

Theodore Yue Tak Ts'o, the maintainer of Linux's random-number subsystem, appears to have changed his mind about the need for a blocking pool. He said that removing this pool would effectively remove the notion that Linux has a true random number generator (TRNG): "that is not nonsense, since this is what *BSD has always done."

He is also concerned that providing a TRNG mechanism would merely serve as bait for application developers, and he believes that, given the wide variety of hardware supported by Linux, it is in fact impossible to guarantee a TRNG in the kernel. Even restricting the device to root privileges would not solve the problem: "Application developers will specify that their application be installed as root for security reasons, so that this is the only way to get access to 'really good' random numbers."

Müller asked whether Ts'o had abandoned the blocking pool implementation he had previously proposed. Ts'o replied that he plans to take Lutomirski's patches and strongly objects to adding a blocking interface back into the kernel.

"The kernel cannot make any guarantee about whether the noise source has been characterized correctly. The only thing a GPG or OpenSSL developer can get is a vague feeling that TRUERANDOM is 'better', and since they want more security, they will undoubtedly try to use it. At some point it will block, and when some other clever user (perhaps a distribution expert) puts it into an init script and systems stop working, users will simply have to complain to Linus Torvalds himself."

Ts'o also advocates giving cryptographers and those who really need a TRNG a way to harvest their own entropy in user space and use it as they see fit. He says that entropy collection is not a process the kernel can perform on all of the different hardware it supports, and that the kernel itself cannot measure the amount of entropy provided by the various sources.

"The kernel should not mix different noise sources together, and it should not try to claim to know how many bits of entropy it is getting when it tries to play some kind of 'twitchy entropy game' on an extremely simple CPU architecture for consumer-grade IoT/embedded use cases where everything is synchronized to a single master oscillator, where there is no CPU instruction reordering or register renaming, etc.

"You can talk about providing tools that try to do these calculations, but such things have to be done on each user's hardware, which is not feasible for most distribution users. If this is intended only for cryptographers, let it be done in their user space. And let us not make it easy for GPG, OpenSSL, etc., so that everyone says 'we want true randomness' and will not settle for less. We can talk about how we provide interfaces for cryptographers so that they can get the information they need by accessing the primary noise sources, separated and named, and perhaps somehow the noise source can authenticate itself to a user-space library or application."

There was some discussion about what such an interface might look like, since, for example, exposing some events could have security implications. Ts'o noted that keyboard scan codes (i.e. keystrokes) are mixed into the pool as part of entropy collection: "Bringing this out to user space, even through a privileged system call, would be unwise, to say the least." The timings of other events could likewise create some kind of information leak through side channels.

So it seems that a long-standing problem with Linux's random-number subsystem is on its way to a solution. The changes the random-number subsystem has undergone recently have caused only DoS problems while in use. There are now practical ways to obtain the best random numbers the kernel can provide. If a TRNG is still desirable on Linux, that gap will need to be addressed in the future, but it will probably not be done inside the kernel itself.


Source: www.habr.com
