UMathy Vanhoef, umbhali wokuhlasela kwe-KRACK kumanethiwekhi angenawaya nge-WPA2, kanye no-Eyal Ronen, umbhali ohlanganyele ekuhlaselweni okuthile kwe-TLS, udalule ulwazi mayelana nokuba sengozini okuyisithupha (CVE-2019-9494 - CVE-2019-9499) kubuchwepheshe. ukuvikelwa kwamanethiwekhi angenantambo e-WPA3, okukuvumela ukuthi udale kabusha iphasiwedi yokuxhuma futhi uthole ukufinyelela kunethiwekhi engenantambo ngaphandle kokwazi iphasiwedi. Ubungozi buhlanganiswe ndawonye buqanjwe ngekhodi Dragonblood futhi buvumela indlela yokuxoxisana yoxhumano lweDragonfly, ehlinzeka ngokuvikeleka ekuqageleni iphasiwedi engaxhunyiwe ku-inthanethi, ukuthi ibe sengozini. Ngokungeziwe ku-WPA3, indlela ye-Dragonfly iphinde isetshenziselwe ukuvikela ekuqageleni kwesichazamazwi kuphrothokholi ye-EAP-pwd esetshenziswa ku-Android, amaseva we-RADIUS kanye ne-hostapd/wpa_supplicant.
Ucwaningo luhlonze izinhlobo ezimbili eziyinhloko zezinkinga zezakhiwo ku-WPA3. Zombili izinhlobo zezinkinga ekugcineni zingasetshenziselwa ukwakha kabusha iphasiwedi yokufinyelela. Uhlobo lokuqala lukuvumela ukuthi ubuyele emuva ezindleleni ezingathembekile ze-cryptographic (ukuhlaselwa kokwehlisa): amathuluzi okuqinisekisa ukuhambisana ne-WPA2 (imodi yezokuthutha, evumela ukusetshenziswa kwe-WPA2 ne-WPA3) ivumela umhlaseli ukuthi aphoqelele iklayenti ukuthi lenze izingxoxo zokuxhumanisa ezinezinyathelo ezine. esetshenziswa i-WPA2, evumela ukusetshenziswa okwengeziwe kwamaphasiwedi okuhlasela kwe-brute-force asebenza ku-WPA2. Ukwengeza, amathuba okwenza ukuhlaselwa kokwehliselwa phansi ngokuqondile endleleni yokufanisa uxhumano lwe-Dragonfly kukhonjisiwe, okuvumela umuntu ukuthi ahlehle abuyele ezinhlotsheni ezivikeleke kancane zamajika angama-elliptic.
Uhlobo lwesibili lwenkinga luholela ekuvuzeni kolwazi olumayelana nezici zephasiwedi ngokusebenzisa iziteshi zezinkampani zangaphandle futhi lusekelwe emaphutheni endlela yombhalo wekhodi wephasiwedi ku-Dragonfly, okuvumela idatha engaqondile, njengoshintsho ekubambezelekeni ngesikhathi sokusebenza, ukudala kabusha iphasiwedi yasekuqaleni. . I-algorithm ye-hash-to-curve ye-dragonfly isengozini yokuhlaselwa yinqolobane, futhi i-algorithm yayo ye-hash-to-group isengozini yokuhlaselwa kwesikhathi sokwenza. imisebenzi (ukuhlasela kwesikhathi).
Ukuze wenze ukuhlasela kwe-cache mining, umhlaseli kufanele akwazi ukwenza ikhodi engafanele kusistimu yomsebenzisi oxhuma kunethiwekhi engenantambo. Zombili izindlela zenza kube nokwenzeka ukuthola ulwazi oludingekayo ukuze kucaciswe ukukhetha okulungile kwezingxenye zephasiwedi ngesikhathi senqubo yokukhetha iphasiwedi. Ukusebenza kokuhlasela kuphezulu kakhulu futhi kukuvumela ukuthi uqagele igama-mfihlo elinezinhlamvu eziyi-8 elihlanganisa izinhlamvu ezincane, ubambe izikhathi zokuxhawulana ezingu-40 kuphela kanye nezinsiza zokusebenzisa imali ezilingana nokuqasha umthamo we-Amazon EC2 ngo-$125.
Ngokusekelwe ekubeni sengozini okuhlonziwe, kuhlongoziwe izimo ezimbalwa zokuhlasela:
- Ukuhlasela kwe-Rollback ku-WPA2 ngekhono lokwenza ukukhetha kwesichazamazwi. Ezimweni lapho iklayenti nendawo yokufinyelela isekela kokubili i-WPA3 ne-WPA2, umhlaseli angasebenzisa indawo yakhe yokufinyelela eqinile enegama lenethiwekhi elifanayo elisekela i-WPA2 kuphela. Esimeni esinjalo, iklayenti izosebenzisa indlela yokuxoxisana yokuxhumana ye-WPA2, lapho kuzonqunywa ukuthi ukuhlehliswa okunjalo akuvumelekile, kodwa lokhu kuzokwenziwa esigabeni lapho imilayezo yezingxoxo zesiteshi ithunyelwe kanye nalo lonke ulwazi oludingekayo. ngoba ukuhlaselwa kwesichazamazwi sekuputshukile. Indlela efanayo ingasetshenziswa ukuhlehlisa izinguqulo eziyinkinga zamajika ama-elliptic ku-SAE.
Ngaphezu kwalokho, kutholwe ukuthi i-iwd daemon, ethuthukiswe yi-Intel njengenye indlela ye-wpa_supplicant, kanye nesitaki esingenantambo se-Samsung Galaxy S10 sisengozini yokuhlaselwa kwehle ngisho nakumanethiwekhi asebenzisa i-WPA3 kuphela - uma la madivayisi abexhunywe kunethiwekhi ye-WPA3 ngaphambilini. , bazozama ukuxhuma kunethiwekhi ye-WPA2 eyidumi enegama elifanayo.
- Ukuhlasela kwesiteshi esiseceleni esikhipha ulwazi kunqolobane yokucubungula. I-algorithm yombhalo wekhodi wephasiwedi ku-Dragonfly iqukethe i-branching enemibandela kanye nomhlaseli, onekhono lokusebenzisa ikhodi kusistimu yomsebenzisi ongenantambo, angakwazi, ngokusekelwe ekuhlaziyweni kokuziphatha kwenqolobane, anqume ukuthi yikuphi okukhethiwe kokuvimbela isisho uma-ke-ke okunye. Ulwazi olutholiwe lungasetshenziswa ukwenza ukuqagela iphasiwedi eqhubekayo kusetshenziswa izindlela ezifana nokuhlaselwa kwesichazamazwi ungaxhunyiwe ku-inthanethi kumaphasiwedi e-WPA2. Ukuze kuvikelwe, kuhlongozwa ukuthi kushintshelwe ekusebenziseni imisebenzi enesikhathi sokwenza njalo, ngaphandle kohlobo lwedatha ecutshungulwayo;
- Ukuhlasela kwesiteshi esiseceleni ngesilinganiso sesikhathi sokwenza umsebenzi. Ikhodi yojekamanzi isebenzisa amaqembu amaningi aphindaphindayo (MODP) ukuze ifake amaphasiwedi kanye nenani elihlukile lokuphindaphinda, inombolo yakhona encike kuphasiwedi esetshenzisiwe kanye nekheli le-MAC lephoyinti lokufinyelela noma iklayenti. Umhlaseli wesilawuli kude angakwazi ukunquma ukuthi zingaki iziphindaphindo ezenziwe phakathi nokufakwa kwekhodi yephasiwedi futhi akusebenzise njengenkomba yokuqagela iphasiwedi eqhubekayo.
- Ukunqatshelwa kwekholi yesevisi. Umhlaseli angavimba ukusebenza kwemisebenzi ethile yendawo yokufinyelela ngenxa yokukhathala kwezinsiza ezitholakalayo ngokuthumela inombolo enkulu yezicelo zezingxoxo zesiteshi sokuxhumana. Ukuze udlule ukuvikelwa kwezikhukhula okunikezwa yi-WPA3, kwanele ukuthumela izicelo ezivela kumakheli e-MAC angamanga, angaphindi.
- Ukubuyela emuva emaqenjini e-cryptographic avikeleke kancane asetshenziswa kunqubo yezingxoxo zokuxhumanisa i-WPA3. Isibonelo, uma iklayenti lisekela amajika ayi-elliptic P-521 kanye ne-P-256, futhi lisebenzisa i-P-521 njengenketho ebalulekile, umhlaseli, kungakhathaliseki usekelo.
I-P-521 ohlangothini lwephoyinti lokufinyelela ingaphoqa iklayenti ukuthi lisebenzise i-P-256. Ukuhlasela kwenziwa ngokuhlunga imilayezo ethile phakathi nenqubo yokuxoxisana nokuthumela imilayezo engamanga ngolwazi mayelana nokushoda kokusekelwa kwezinhlobo ezithile zamajika ama-elliptic.
Ukuze uhlole amadivayisi ngobungozi, imibhalo embalwa ilungisiwe ngezibonelo zokuhlasela:
- I-Dragonslayer - ukuqaliswa kokuhlaselwa kwe-EAP-pwd;
- I-Dragondrain iwusizo lokuhlola ukuba sengozini kwezindawo zokufinyelela zobungozi ekusetshenzisweni kwe-SAE (Simultaneous Authentication of Equals) indlela yokuxoxisana, engasetshenziswa ukuqalisa ukwenqatshelwa kwesevisi;
- I-Dragontime - iskripthi sokuhlasela kwe-side-channel ngokumelene ne-SAE, kucatshangelwa umehluko ngesikhathi sokucubungula sokusebenza uma usebenzisa amaqembu e-MODP 22, 23 kanye ne-24;
- I-Dragonforce insiza yokuthola ulwazi (ukuqagela iphasiwedi) ngokusekelwe olwazini olumayelana nezikhathi ezihlukene zokucubungula zokusebenza noma ukunquma ukugcinwa kwedatha kunqolobane.
I-Wi-Fi Alliance, ethuthukisa izindinganiso zamanethiwekhi angenantambo, imemezele ukuthi inkinga ithinta inani elilinganiselwe lokuqaliswa kwangaphambi kwesikhathi kwe-WPA3-Personal futhi ingalungiswa nge-firmware nesibuyekezo sesofthiwe. Azikho izehlakalo ezibhaliwe zobungozi obusetshenziselwa ukwenza izenzo ezinonya. Ukuze kuqiniswe ukuvikeleka, i-Wi-Fi Alliance yengeze izivivinyo ezengeziwe ohlelweni lokunikeza isitifiketi sedivayisi engenantambo ukuze kuqinisekiswe ukufaneleka kokusetshenziswa, futhi iye yafinyelela nakubakhiqizi bedivayisi ukuze bahlanganise ngokuhlanganyela ukulungisa kwezinkinga ezikhonjiwe. Amapeshi asekhishiwe ku-hostap/wpa_supplicant. Izibuyekezo zephakheji ziyatholakala ku-Ubuntu. I-Debian, i-RHEL, i-SUSE/openSUSE, i-Arch, i-Fedora ne-FreeBSD isenezinkinga ezingakalungiswa.
Source: opennet.ru