Inguqulo entsha ye-passwdqc, isethi yamathuluzi okuqapha ubunzima bamaphasiwedi kanye nama-password, ikhishwe. Ihlanganisa i-pam_passwdqc module, i-pwqcheck, i-pwqfilter (eyengezwe kule nguqulo), kanye nezinhlelo ze-pwqgen zokusetshenziswa ngesandla noma kusuka kuma-script, kanye nomtapo wezincwadi we-libpasswdqc. Izinhlelo ezine-PAM (eziningi zazo zisekelwa). Linux, i-FreeBSD, i-DragonFly BSD, i-Solaris, i-HP-UX), futhi ngaphandle kwe-PAM (isikhombimsebenzisi sokuhlola iphasiwedi ku-OpenBSD siyasekelwa, kufakwe isibophezelo sokusebenzisa i-pwqcheck evela ku-PHP, kukhona inguqulo ekhokhelwayo ye Windows, futhi izinhlelo kanye nomtapo wolwazi kungasetshenziswa nakwezinye izinhlelo).
Uma kuqhathaniswa nezinguqulo zangaphambilini, kufakwe ukwesekwa kwamafayela okuhlunga amaphasiwedi angaphandle, kufaka phakathi lawo ango-binary, okwamanje asebenzisa isihlungi se-cuckoo esithuthukisiwe. Lesi sihlungi siqinisekisiwe ukuthi asivumeli noma yimaphi amaphasiwedi avinjelwe ukuthi adlule, kodwa ngezinye izikhathi singase sikhiqize amaphutha amahle, okungenzeka ukuthi awabalulekile uma ubheka izilungiselelo kanye ne-algorithm esetshenziswa ku-passwdqc. Ukuhlola iphasiwedi ukuthi ifakwe yini kusihlungi akudingi ukufundwa okungahleliwe okungaphezu kokubili kusuka kudiski, okushesha kakhulu futhi ngokuvamile akudali umthwalo omkhulu. iseva.
Uhlelo lwe-pwqfilter lwengezwe ku-passwdqc ngokudala nokusebenza ngezihlungi kanambambili. Ingakha isihlungi kusuka kuhlu lwamaphasiwedi ngokwawo, noma kusuka kumahashi awo we-MD4 noma we-NTLM. Ukusekelwa kwamahashi e-NTLM kuvumela ukungeniswa kwamagama ayimfihlo ohlwini lwe-HIBP (Pwned Passwords), olusatshalaliswa ngaleli fomu. Umzamo omkhulu watshalwa ekuthuthukiseni i-pwqfilter ukuze isebenze, ukubumbana kwezihlungi eziwumphumela, kanye nezinga lephozithivu elingamanga. Isibonelo, ukudala isihlungi se-cuckoo esinomthwalo ongu-98% wefayela eli-pwned-passwords-ntlm-ordered-by-hash-v7.txt, elingu-21 GiB (22 GB) futhi eliqukethe imigqa engaphezu kwezigidi ezingu-613, kuthatha cishe imizuzu engu-8 kuphrosesa ye-Core i7-4770K. Isihlungi esiwumphumela sithatha u-2.3 GiB (2.5 GB) futhi sinenani elingelona iqiniso elicishe libe ngu-1 ku-1.15 billion. Ngesici esincane sokulayisha okuqondiwe, isihlungi singadalwa ngokushesha okukhulu futhi sizoba nenani eliphansi ngisho nangaphezulu elingelona iqiniso, kodwa usayizi waso uzoba mkhulu.
I-passwdqc yenza umsebenzi omuhle kakhulu wokuvimbela amaphasiwedi abuthakathaka ngaphandle kokusebenzisa amafayela angaphandle. Ukusebenzisa amafayela angaphandle kungathuthukisa ukusebenza kahle kwe-passwdqc ngokuphazamiseka okuncane komsebenzisi, noma kungavumela ukuxegiswa kweminye imikhawulo. I-NIST incoma ukuthi uhlole amaphasiwedi akhethwe ngabasebenzisi ngokumelene nokuvuza okwaziwayo. Kuphrojekthi ye-Openwall, lokhu kungase kunikeze imali yokuthuthukisa i-passwdqc (nakwezinye izindawo) ngokuthengiswa kwezihlungi esezakhiwe kakade, kuyilapho kuvumela abasebenzisi ukuthi bazenzele ezabo izihlungi besebenzisa uhlelo lwe-pwqfilter olunelayisensi yamahhala.
I-pwqfilter isebenza ngezintambo ezingafanele futhi ingasetshenziswa esikhundleni se-grep ngezinjongo eziningi, ngisho nalezo ezingahlobene namaphasiwedi nokuphepha. Unalokhu engqondweni, i-pwqfilter inezinketho ezimbalwa ezifana nalezo eziku-grep, igwema amagama enketho angangqubuzana nalawo aku-grep, futhi isebenzisa amakhodi okubuyisela afanayo njenge-grep.
Emisebenzini lapho amaphuzu angamanga engafuneki kakhulu, izinga lawo lingancishiswa, isibonelo, libe yi-quintillion (ibhiliyoni lebhiliyoni) elinesici somthwalo esingafika ku-44%. (Isihlungi se-cuckoo sakudala asihlinzeki ngokuncipha okukhulu kokuphozithiza okungamanga ngesici somthwalo esiphansi. Ku-passwdqc, lokhu kufinyelelwa ngokuthuthukiswa kwe-algorithmic.)
Source: opennet.ru
