WireGuard VPN Author Releases New Linux RNG Update (BLAKE2s Extraction, Fewer RDRAND Calls)

Jason A. Donenfeld, author of the WireGuard VPN, announced a few days ago a reworked implementation of the Linux kernel random number generator, the subsystem that backs the /dev/random and /dev/urandom devices and the getrandom() system call. The rework touches how the generator hashes its entropy pool and how often it calls the CPU's RDRAND instruction.

At the end of November, Jason was added to the list of maintainers of the random driver, and he has now published the first results of his rework.

The announcement notes that the new implementation switches from SHA1 to the BLAKE2s hash function for hashing the entropy pool during extraction, the step that turns collected entropy into output.

BLAKE2s itself has the nice property of internally being based on the ChaCha permutation, which the RNG is already using for expansion, so there shouldn't be any issue with newness, funkiness, or surprising CPU behavior, since it's based on something already in use.

Beyond that, the change is also said to improve the security of the random number generator by removing the SHA1 algorithm's known weaknesses and by no longer overwriting the hash's initialization vector (IV) with RDRAND output. Since BLAKE2s outperforms SHA1, using it also has a positive effect on the generator's performance (testing on a system with an Intel i7-11850H processor showed initial seeding around 131% faster).

Another advantage of moving entropy extraction to BLAKE2s is the unification of the algorithms used: BLAKE2s is built on the same ChaCha permutation that the RNG already uses in its ChaCha-based output stage to expand the random stream, so the generator no longer depends on two unrelated primitives.

BLAKE2 is generally faster, and certainly more secure, than SHA1, which has been broken. Additionally, the current construction in the RNG doesn't use the full SHA1 function, as specified, and allows overwriting the IV with RDRAND output in an undocumented way, even in the case when RDRAND isn't set to "trusted", which means potential malicious IV choices.

And its short length means that keeping only half of it secret when feeding back into the mixer gives us only 2^80 bits of forward secrecy. In other words, not only is the choice of hash function dated, but the use of it isn't really great either.

In addition, improvements were made to the cryptographically secure CRNG that serves random-number requests from user space.

It is also mentioned that the superfluous call to the slow RDRAND instruction during CRNG extraction has been removed, which can speed up extraction by a factor of about 3.7. Jason points out that the RDRAND call only makes sense while the CRNG has not yet been initialized; once CRNG initialization is complete, its value no longer affects the quality of the generated stream, so in that state extraction can proceed without calling RDRAND at all.

This commit aims to fix both of these issues while also keeping the general structure and semantics as close to the original as possible.
Specifically:

a) Rather than overwriting the hash IV with RDRAND, we put it into BLAKE2's documented "salt" and "personal" fields, which were specifically created for this type of usage.
b) Since this function feeds the full hash result back into the entropy collector, we only return from it half the length of the hash, just as it was done before. This increases the construction's forward secrecy from 2^80 to a much more comfortable 2^128.
c) Rather than using the raw "sha1_transform" function alone, we instead use the full, proper BLAKE2s function, with finalization.
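The extraction construction described in points a) to c) above, as an added example that is not the kernel's code or part of Jason Donenfeld's patch: Python's hashlib.blake2s exposes the documented salt and person fields, so the three points can be modelled directly. The pool size, the stand-in pool mixer mix_into_pool(), and the sample "hardware" bytes standing in for RDRAND output are constructed assumptions for the demonstration.

```python
# Added example, not from the kernel or the patch described above.
# Toy model of the BLAKE2s-based extraction step: hash the pool with the
# documented salt/person fields, feed the full digest back into the pool,
# and hand only half of it to the caller.  POOL_BYTES, mix_into_pool()
# and the sample hardware words are constructed assumptions.
import hashlib
from typing import Optional

POOL_BYTES = 64   # assumed toy pool size; the real input pool is larger
SALT_BYTES = 8    # hashlib.blake2s accepts at most 8 bytes of salt
PERSON_BYTES = 8  # and at most 8 bytes of personalization
HASH_BYTES = 32   # full BLAKE2s digest
RETURN_BYTES = HASH_BYTES // 2  # only half leaves the extractor (point b)


def mix_into_pool(pool: bytearray, data: bytes) -> None:
    """Assumed stand-in for the kernel's pool mixer: XOR data into the
    pool and rotate it by one byte so consecutive mixes do not cancel."""
    for i, b in enumerate(data):
        pool[i % len(pool)] ^= b
    pool[:] = pool[1:] + pool[:1]


def extract(pool: bytearray, hw_words: Optional[bytes] = None) -> bytes:
    """One extraction.  hw_words models 16 bytes of CPU RNG output; instead
    of overwriting the hash IV (the old SHA1 construction), they go into the
    documented salt and person parameters (point a).  Without hardware words
    both fields are zero, which hashlib treats the same as omitting them."""
    salt = person = b"\x00" * SALT_BYTES
    if hw_words is not None:
        if len(hw_words) != SALT_BYTES + PERSON_BYTES:
            raise ValueError("expected %d hardware bytes" % (SALT_BYTES + PERSON_BYTES))
        salt, person = hw_words[:SALT_BYTES], hw_words[SALT_BYTES:]
    # Full, finalized BLAKE2s over the whole pool (point c), not a raw
    # compression-function call on a single block.
    digest = hashlib.blake2s(bytes(pool), digest_size=HASH_BYTES,
                             salt=salt, person=person).digest()
    # The entire 32-byte digest is fed back into the pool ...
    mix_into_pool(pool, digest)
    # ... but only 16 bytes leave it, so a caller who sees the output still
    # lacks 128 bits of what was mixed back (forward secrecy, point b).
    return digest[:RETURN_BYTES]


def forward_secrecy_bits(digest_bits: int, returned_bits: int) -> int:
    """Bits of the fed-back digest that never leave the extractor:
    SHA1 construction (160, 80) -> 80; BLAKE2s construction (256, 128) -> 128."""
    return digest_bits - returned_bits


if __name__ == "__main__":
    pool = bytearray(b"\x01" * POOL_BYTES)  # constructed, non-secret demo pool
    out_a = extract(pool, hw_words=bytes(range(16)))
    out_b = extract(pool, hw_words=bytes(range(16)))
    print(out_a.hex(), out_b.hex())  # differ: the pool changed between calls
    print(forward_secrecy_bits(160, 80), forward_secrecy_bits(256, 128))
```

Two extractions from the same pool give different output because the first digest was mixed back before the second hash was taken; two fresh pools with identical contents and identical hardware words give identical output, and changing only the salt/person bytes changes it, which is the documented way those fields are meant to influence the hash.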

The changes are scheduled for merging into kernel 5.17 and have already been reviewed by Ted Ts'o (the other maintainer of the random driver), Greg Kroah-Hartman (maintainer of the Linux stable kernel) and Jean-Philippe Aumasson (co-author of the BLAKE2 and BLAKE3 algorithms).

Finally, if you are interested in learning more about it, you can consult the details at the following link.

