U-Jason A. Donenfeld, umbhali we-VPN WireGuard, wenze isiphakamiso sokuqaliswa okubuyekeziwe kwe-RDRAND pseudo-random generator enesibopho sokusebenza kwamadivayisi we-/dev/random kanye //dev/urandom ku-Linux kernel. Ekupheleni kukaNovemba, u-Jason wafakwa enanini labanakekeli bomshayeli ongahleliwe futhi manje useshicilele imiphumela yokuqala yomsebenzi wakhe ekucutshungulweni kwawo.
Ukuqaliswa okusha kuyaphawuleka ngokushintshela ekusebenziseni umsebenzi we-BLAKE2s hashi esikhundleni se-SHA1 ngemisebenzi yokuxuba i-entropy. Ushintsho luthuthukise ukuvikeleka kwejeneretha yenombolo-mbumbulu ngokususa i-algorithm eyinkinga ye-SHA1 futhi isuse ukubhala phezu kwevekhtha yokuqalisa ye-RNG. Njengoba i-algorithm ye-BLAKE2s iphakeme kune-SHA1 ekusebenzeni, ukusetshenziswa kwayo nakho kube nomthelela omuhle ekusebenzeni kwejeneretha yenombolo engahleliwe (ukuhlolwa ohlelweni olunomshini we-Intel i7-11850H kubonise ukukhuphuka kwejubane ngo-131%. Enye inzuzo yokudlulisela ukuxuba kwe-entropy ku-BLAKE2 kwaba ukuhlanganisa ama-algorithms asetshenzisiwe - I-BLAKE2 isetshenziswa ku-ChaCha cipher, kakade isetshenziselwa ukukhipha ukulandelana okungahleliwe.
Ngaphezu kwalokho, kwenziwe ukuthuthukiswa kwe-crypto-secure pseudo-random generator CRNG esetshenziswe ocingweni lwe-gerandom. Ukuthuthukiswa kukhuphukela ekukhawuleleni ucingo oluya kujeneretha ehamba kancane ye-RDRAND lapho ikhipha i-entropy, ethuthukisa ukusebenza izikhathi ezingu-3.7. U-Jason ubonise ukuthi ukushayela i-RDRAND kunengqondo kuphela esimweni lapho i-CRNG ingakaqaliswa ngokugcwele, kodwa uma ukuqaliswa kwe-CRNG kuqediwe, inani layo alithinti ikhwalithi yokulandelana okukhiqizwa futhi kulokhu ucingo oluya ku-RDRAND. ingakhishwa.
Izinguquko zihlelelwe ukufakwa ku-5.17 kernel futhi sezibuyekeziwe kakade onjiniyela u-Ted Ts'o (umnakekeli wesibili womshayeli ongahleliwe), u-Greg Kroah-Hartman (obhekele ukugcina igatsha elizinzile le-Linux kernel) no-Jean-Philippe Aumasson ( umbhali wama-algorithms we-BLAKE2/3).
Source: opennet.ru