Hertzbleed is a new family of side-channel attacks affecting modern CPUs

A team of researchers from the University of Texas, the University of Illinois, and the University of Washington has disclosed information about a new family of side-channel attacks (CVE-2022-23823, CVE-2022-24436), codenamed Hertzbleed. The proposed attack method is based on the dynamic frequency control features of modern processors and affects all current Intel and AMD CPUs. Potentially, the problem may also manifest itself in processors from other manufacturers that support dynamic frequency changes, for example in ARM systems, but the study was limited to testing Intel and AMD chips. The source code implementing the attack method is published on GitHub (the implementation was tested on a computer with an Intel i7-9700 CPU).

To optimize power consumption and prevent overheating, processors dynamically change their frequency depending on load, which changes performance and affects the execution time of operations (a frequency change of 1 Hz changes performance by 1 clock cycle per second). During the study, it was found that under certain conditions on AMD and Intel processors the frequency change correlates directly with the data being processed, which, for example, causes the computation time of the operations "2022 + 23823" and "2022 + 24436" to differ. By analyzing the differences in execution time of operations on different data, it is possible to indirectly recover the information used in the computations. Moreover, on high-speed networks with predictable, constant latency, the attack can be carried out remotely by measuring the execution time of requests.

If the attack succeeds, the identified problems make it possible to determine private keys by analyzing computation time in cryptographic libraries that use algorithms in which mathematical computations are always performed in constant time, regardless of the nature of the data being processed. Such libraries were considered protected against side-channel attacks, but as it turned out, computation time is determined not only by the algorithm but also by the characteristics of the processor.

As a practical example showing that the proposed method is feasible, the researchers demonstrated an attack on an implementation of the SIKE (Supersingular Isogeny Key Encapsulation) key encapsulation mechanism, which reached the final of the post-quantum cryptosystems competition held by the U.S. National Institute of Standards and Technology (NIST) and is positioned as protected against side-channel attacks. During the experiment, using a new variant of a chosen-ciphertext attack (gradual selection based on manipulating the ciphertext and obtaining its decryption), it was possible to fully recover the key used for encryption by taking measurements from a remote system, despite the use of a SIKE implementation with constant computation time. Determining a 364-bit key took 36 hours with the CIRCL implementation and 89 hours with PQCrypto-SIDH.

Intel and AMD have acknowledged that their processors are vulnerable to the problem, but do not plan to block the vulnerability through a microcode update, since the vulnerability cannot be eliminated in hardware without a significant impact on hardware performance. Instead, developers of cryptographic libraries have been given recommendations on how to programmatically block information leakage when performing confidential computations. Cloudflare and Microsoft have already added similar protection to their SIKE implementations, which resulted in a 5% performance hit for CIRCL and an 11% performance hit for PQCrypto-SIDH. Another way to block the vulnerability is to disable the Turbo Boost, Turbo Core, or Precision Boost modes in the BIOS or driver, but this change will lead to a drastic drop in performance.
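For the second mitigation, an administrator can check from the operating system whether frequency boost is currently switched off. The script below is an added example, not code from the researchers or vendors; it assumes Linux and its cpufreq sysfs files (`intel_pstate/no_turbo` and the generic `cpufreq/boost` knob), and the function names `boost_state` and `demo` are this example's own.

```shell
#!/bin/sh
# Report whether dynamic frequency boost is enabled, using Linux cpufreq sysfs files.
# Assumption: Linux. The root directory is a parameter so the function can be
# exercised against a constructed tree; the default is the real sysfs CPU directory.

boost_state() {
    root="${1:-/sys/devices/system/cpu}"
    pstate="$root/intel_pstate/no_turbo"   # intel_pstate driver: 1 = turbo disabled
    generic="$root/cpufreq/boost"          # generic knob (e.g. acpi-cpufreq): 0 = boost disabled

    if [ -r "$pstate" ]; then
        case "$(cat "$pstate")" in
            1) echo disabled ;;
            0) echo enabled ;;
            *) echo unknown ;;
        esac
    elif [ -r "$generic" ]; then
        case "$(cat "$generic")" in
            0) echo disabled ;;
            1) echo enabled ;;
            *) echo unknown ;;
        esac
    else
        # Neither knob is exposed: the setting may only be controllable in firmware.
        echo unknown
    fi
}

# Constructed sample trees (not real hardware state) showing each outcome.
demo() {
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/intel/intel_pstate" "$tmp/amd/cpufreq" "$tmp/none"
    echo 1 > "$tmp/intel/intel_pstate/no_turbo"   # turbo off
    echo 1 > "$tmp/amd/cpufreq/boost"             # boost on
    for t in intel amd none; do
        printf '%s: %s\n' "$t" "$(boost_state "$tmp/$t")"
    done
    rm -rf "$tmp"
}

demo
printf 'this host: %s\n' "$(boost_state)"
```

An `unknown` result means the kernel driver exposes neither file, so the firmware setup screen is the place to verify the setting.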

Intel, Cloudflare, and Microsoft were notified of the issue in the third quarter of 2021, and AMD in the first quarter of 2022, but public disclosure of the issue was delayed until June 14, 2022 at Intel's request. The presence of the problem has been confirmed in desktop and laptop processors based on the 8th to 11th generations of the Intel Core microarchitecture, as well as in various AMD Ryzen, Athlon, A-Series, and EPYC desktop, mobile, and server processors (the researchers demonstrated the method on Ryzen CPUs with the Zen 2 and Zen 3 microarchitectures).

Source: opennet.ru
