Analysis: what is known about the recent attack on the SKS Keyserver network of cryptographic key servers

Attackers used a feature of the OpenPGP protocol that has been known for more than ten years.

We explain what the issue is and why it cannot be closed.


Network problems

In mid-June, unknown persons carried out an attack on the SKS Keyserver network of cryptographic key servers, which is built on the OpenPGP protocol. This is an IETF standard (RFC 4880) used to encrypt email and other messages. The SKS network was created thirty years ago to distribute public certificates. Tools such as GnuPG, which encrypts data and creates digital signatures, connect to it.

The attackers compromised the certificates of two GnuPG project maintainers, Robert Hansen and Daniel Gillmor. Loading a damaged certificate from a server causes GnuPG to fail: the system simply freezes. There is reason to believe that the attackers will not stop there, and that the number of compromised certificates will only grow. For now, the scale of the problem is not known.

The essence of the attack

The hackers exploited a vulnerability in the OpenPGP protocol. It has been known to the community for decades. Corresponding exploits can even be found on GitHub. But so far nobody has taken responsibility for closing the "hole" (we discuss the reasons in detail later).


According to the OpenPGP specification, anyone can add digital signatures to a certificate to vouch for its owner. Moreover, the maximum number of signatures is not regulated in any way. This is where the problem arises: the SKS network allows up to 150,000 signatures to be placed on a single certificate, but GnuPG does not support such a number. As a result, when such a certificate is loaded, GnuPG (like other OpenPGP implementations) freezes.

One user ran an experiment: importing the certificate took him about 10 minutes. The certificate had more than 54 thousand signatures and weighed 17 MB:

$ gpg --homedir=$PWD --recv C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
gpg: key F20691179038E5C6: 4 duplicate signatures removed
gpg: key F20691179038E5C6: 54614 signatures not checked due to missing keys
gpg: key F20691179038E5C6: 4 signatures reordered
gpg: key F20691179038E5C6: public key "Daniel Kahn Gillmor <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
$ ls -lh pubring.gpg
-rw-r--r--  1 filippo  staff    17M  2 Jul 16:30 pubring.gpg
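
A defensive pre-import check for the situation shown above, as an added example that is not from the original article or from GnuPG: it walks the RFC 4880 packet headers of a binary (non-armored) certificate and counts signature packets before anything is handed to gpg. The limit of 1000 and all function names are assumptions, and the sample certificate is constructed filler, not a real key.

```python
SIG_TAG = 2            # RFC 4880 section 4.3: Signature Packet
MAX_SIGNATURES = 1000  # assumed local policy limit, not a GnuPG or SKS value

def _new_length(data, pos):
    """Decode one new-format length header: (length, next_pos, is_partial)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + int.from_bytes(data[pos + 1:pos + 2], "big") + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True    # partial body chunk

def iter_packets(data):
    """Yield (tag, body_length) for each packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        header = data[pos]
        if not header & 0x80:
            raise ValueError(f"invalid packet header at offset {pos}")
        pos += 1
        if header & 0x40:                        # new-format header
            tag, total, partial = header & 0x3F, 0, True
            while partial:
                if pos >= len(data):
                    raise ValueError("truncated length header")
                length, pos, partial = _new_length(data, pos)
                total, pos = total + length, pos + length
        else:                                    # old-format header
            tag, ltype = (header >> 2) & 0x0F, header & 0x03
            size = 0 if ltype == 3 else 1 << ltype   # 1, 2 or 4 length octets
            total = int.from_bytes(data[pos:pos + size], "big") if size else len(data) - pos
            pos += size + total
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag, total

def check_certificate(data, limit=MAX_SIGNATURES):
    """Count signature packets before the data is handed to GnuPG."""
    count = sum(1 for tag, _ in iter_packets(data) if tag == SIG_TAG)
    return count, count <= limit

def sample_certificate(n_sigs):
    """Constructed sample: key (tag 6), user ID (tag 13), n filler signatures."""
    pub = bytes([0x98, 4]) + b"\x00" * 4         # old format, tag 6
    uid = bytes([0xCD, 5]) + b"alice"            # new format, tag 13
    sig = bytes([0x88, 3]) + b"\x00" * 3         # old format, tag 2
    return pub + uid + sig * n_sigs
```

The check only counts packets and verifies nothing cryptographically; an ASCII-armored certificate has to be converted to binary first, for example with gpg --dearmor.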

To make matters worse, OpenPGP key servers do not delete certificate information. This is done so that the chain of all actions performed on certificates can be traced and their substitution prevented. Therefore, it is impossible to remove the compromised elements.

In effect, the SKS network is a large "file server" to which anyone can write data. To demonstrate the problem, last year a GitHub resident created a file system that stores documents on the network of cryptographic key servers.

Why has the vulnerability not been closed?

There was no reason to close the vulnerability. Previously, it had not been used for hacker attacks. Although the IT community had long asked the SKS and OpenPGP developers to pay attention to the problem.

To be fair, it is worth noting that in June an experimental key server, keys.openpgp.org, was nevertheless introduced. It provides protection against these types of attacks. However, its database was populated from scratch, and the server itself is not part of SKS. Therefore, it will take time before it can be used.


As for the bug in the original system, a complex synchronization mechanism prevents it from being fixed. The key server network was originally written as a proof of concept for Yaron Minsky's PhD thesis. Moreover, a rather specific language, OCaml, was chosen for the work. According to maintainer Robert Hansen, the code is hard to understand, so only minor fixes are made to it. To fix the SKS architecture, it would have to be rewritten from scratch.

In any case, GnuPG does not believe the network will ever be fixed. In a post on GitHub, the developers even wrote that they do not recommend working with SKS Keyserver. In fact, this is one of the main reasons they began the move to the new service, keys.openpgp.org. We can only watch how events develop further.


Source: www.habr.com
