Amalungu Ethimba Lezokuphepha le-Google ashicilele umtapo wolwazi ovulekile, i-Paranoid, oklanyelwe ukuhlonza ama-artifact e-cryptographic abuthakathaka, njengokhiye basesidlangalaleni namasignesha edijithali, adalwe ngezingxenyekazi zekhompuyutha ezisengozini (HSM) nezinhlelo zesofthiwe. Ikhodi ibhalwe ngePython futhi isatshalaliswa ngaphansi kwelayisensi ye-Apache 2.0.
Iphrojekthi ingase ibe usizo ekuhloleni ngokungaqondile ukusetshenziswa kwama-algorithms namalabhulali anezikhala ezaziwayo kanye nokuba sengozini okuthinta ukwethembeka kokhiye abakhiqiziwe namasignesha edijithali uma ama-artifacts aqinisekiswayo enziwa yizingxenyekazi zekhompuyutha ezingafinyeleleki noma izingxenye ezivaliwe eziyibhokisi elimnyama. Umtapo wolwazi ungaphinda uhlaziye amasethi ezinombolo zomgunyathi ngokwethembeka kwejeneretha yazo, futhi kusukela eqoqweni elikhulu lama-artifact, uhlonze izinkinga ezingaziwa ngaphambilini ezivela emaphutheni ezinhlelo noma ukusetshenziswa kwezinjini zamajeneretha zezinombolo mbumbulu ezingathembekile.
Lapho kusetshenziswa umtapo wolwazi ohlongozwayo ukuhlola okuqukethwe kwelogi yomphakathi ye-CT (Certificate Transparency), ehlanganisa ulwazi mayelana nezitifiketi ezingaphezu kwezigidigidi ezingu-7, abekho okhiye basesidlangalaleni abayinkinga abasuselwe kumajika ama-elliptic (EC) namasignesha edijithali asekelwe ku-algorithm ye-ECDSA etholakele. , kodwa okhiye basesidlangalaleni abayinkinga batholwe ngokusekelwe ku-algorithm ye-RSA. Ikakhulukazi, okhiye abangathenjwa abangu-3586 bahlonzwe abakhiqizwe ngekhodi ngobungozi obungalungisiwe be-CVE-2008-0166 kuphakheji ye-OpenSSL ye-Debian, okhiye abangu-2533 abahlotshaniswa nokuba sengozini kwe-CVE-2017-15361 kulabhulali ye-Infineon, kanye nokhiye abangu-1860 ubungozi obuhlobene nosesho lwe-extra common divisor (GCD). Ulwazi mayelana nezitifiketi eziyinkinga ezisasetshenziswa luthunyelwe kuziphathimandla ezinikeza izitifiketi ukuze zihoxiswe.
Source: opennet.ru