Iphrojekthi ye-Fedora iveze isu lokukhubaza usekelo lwamasiginesha edijithali ngokususelwe ku-algorithm ye-SHA-1 ku-Fedora Linux 39. Ukukhubaza kuhlanganisa ukuqeda ukwethenjwa kumasiginesha asebenzisa ama-SHA-1 hashe (SHA-224 azomenyezelwa njengenani elincane elisekelwayo kudijithali. amasiginesha), kodwa ukugcina ukusekelwa kwe-HMAC nge-SHA-1 nokunikeza amandla okunika amandla iphrofayela ye-LEGACY nge-SHA-1. Ngemva kokufaka izinguquko, ilabhulali ye-OpenSSL ngokuzenzakalelayo izoqala ukuvimba ukukhiqizwa nokuqinisekiswa kwamasiginesha nge-SHA-1.
Ukukhubaza kuhlelwe ukuthi kwenziwe ngezigaba ezimbalwa: Ku-Fedora Linux 36, amasiginesha asuselwa ku-SHA-1 azokhishwa kunqubomgomo "YEKUSASA", inqubomgomo yokuhlola TEST-FEDORA39 inikezwa ukukhubaza i-SHA-1 ngesicelo sika umsebenzisi (buyekeza-izinqubomgomo-crypto-setha TEST-FEDORA39), lapho udala futhi uqinisekisa amasiginesha asekelwe ku-SHA-1, izixwayiso zizoboniswa kulogi. Ngesikhathi sokukhishwa kwangaphambili kwe-beta kwe-Fedora Linux 38, inqolobane ye-rawhide izoba nenqubomgomo evimbela ukusetshenziswa kwamasiginesha asekelwe ku-SHA-1, kodwa lolu shintsho ngeke lusetshenziswe ku-beta nasekukhishweni kwe-Fedora Linux 38. Ngokukhishwa kwe-Fedora Linux 39, inqubomgomo yokuhoxisa yamasiginesha asekelwe ku-SHA-1 izosetshenziswa ngokuzenzakalela.
Uhlelo oluhlongozwayo alukabuyekezwa yi-FESCo (Fedora Engineering Steering Committee), enesibopho sengxenye yezobuchwepheshe yokuthuthukiswa kokusatshalaliswa kwe-Fedora. Ukuphela kosekelo lwamasiginesha asekelwe ku-SHA-1 kungenxa yokwanda kokusebenza kahle kokuhlaselwa kokushayisana ngesiqalo esinikeziwe (izindleko zokukhetha ukushayisana zilinganiselwa emashumini ambalwa ezinkulungwane zamadola). Iziphequluli zinezitifiketi ezimakiwe ezisayinwe kusetshenziswa i-algorithm ye-SHA-1 njengokungavikelekile kusukela maphakathi no-2016.
Source: opennet.ru