Umngcipheko kwi-cryptsetup uvumele uguqulelo oluntsonkothileyo ukuba luvaliwe kwizahlulo ze-LUKS2

Kutshanje iindaba ziye zaqhekeka kuchongwe ubungozi (sele zidweliswe phantsi kwe-CVE-2021-4122) kwiphakheji yeCrypsetup, esetyenziselwa ukufihla izahlulo zediski kwi Linux.

Kuyakhankanywa ukuba ukuxhaphaza ubuthathaka, umhlaseli kufuneka abe nokufikelela ngokwasemzimbeni kwindlela efihliweyo, oko kukuthi, indlela yenza ingqiqo ikakhulu ekuhlaseleni iidrives zangaphandle ezifihliweyo, ezinje nge-flash drives, apho umhlaseli anofikelelo, kodwa akalazi igama eligqithisiweyo lokususa ukuntsonkotha kwedatha.

Uhlaselo isetyenziswa kuphela kwifomathi ye-LUKS2 kwaye inxulunyaniswe nokuguqulwa kwemetadata uxanduva lokuvula ulwandiso lwe-«online encryption», oluvumela, ukuba kukho imfuneko, ukutshintsha isitshixo sofikelelo, qalisa inkqubo yofihlo lwedatha kubhabho ngaphandle kokumisa umsebenzi kunye nokwahlulahlula.

Ekubeni inkqubo ye-decryption kunye ne-encryption kunye nesitshixo esitsha ithatha ixesha elide, "i-reencryption ye-intanethi" ikuvumela ukuba ungaphazamisi umsebenzi kunye nokwahlula kwaye wenze ukubethelwa kwakhona ngasemva, ngokuthe ngcembe uhambisa idatha ukusuka kwelinye iqhosha ukuya kwelinye. Ngokukodwa, kunokwenzeka ukuba ukhethe iqhosha elingenanto ekujoliswe kulo, elikuvumela ukuba uguqulele icandelo kwifom engabhalwanga.

Umhlaseli unokwenza utshintsho kwimethadatha ye-LUKS2 elinganisa ukulahlwa kokusebenza kwe-decryption ngenxa yokungaphumeleli kunye nokufezekisa ukuchithwa kwenxalenye yesahlulo emva kokusebenza okulandelayo kunye nokusetyenziswa kwe-drive modified ngumnini. Kule meko, umsebenzisi oqhagamshele idrayivu elungisiweyo kwaye wayivula ngegama eligqithisiweyo elichanekileyo akafumani nasiphi na isilumkiso malunga nokubuyiselwa kokuphazanyiswa kokusebenza kofihlo kwakhona kwaye unokufumanisa inkqubela phambili yalo msebenzi kuphela ngomyalelo we "luks Dump" . Ubungakanani bedatha umhlaseli angakwazi ukuqhawula kuxhomekeke kubukhulu bentloko ye-LUKS2, kodwa kunye nobukhulu obungagqibekanga (16 MiB) bunokugqithisa i-3 GB.

Ingxaki Isuka kwinto yokuba nangona umsebenzi wofihlo kwakhona ufuna ubalo kunye nokuqinisekiswa kwee-hashes zezitshixo ezintsha kunye nezidala, i-hash ayifuni ukubuyisela inkqubo yokuchithwa kwe-decryption ephazamisekileyo ukuba imeko entsha ithetha ukungabikho kwesitshixo soguqulelo (isicatshulwa esicacileyo).

Kwakhona, Imetadata ye-LUKS2 echaza i-algorithm yoguqulelo oluntsonkothileyo ayikhuselwanga kuhlengahlengiso ukuba bawela ezandleni zomhlaseli. Ukuthintela ubuthathaka, abaphuhlisi bongeza ukhuseleko olongezelelweyo lwemethadatha kwi-LUKS2, apho i-hash eyongezelelweyo iqinisekisiwe ngoku, ibalwa ngokusekelwe kwizitshixo ezaziwayo kunye nomxholo wemethadatha, oko kukuthi umhlaseli akayi kuphinda akwazi ukutshintsha i-metadata ngokufihlakeleyo ngaphandle kokwazi igama lokugqitha.

Imeko yokuhlaselwa eqhelekileyo ifuna ukuba umhlaseli abe nethuba ukubeka izandla zabo kwidiski amaxesha amaninzi. Okokuqala, umhlaseli, ongayazi i-password yokufikelela, wenza utshintsho kwindawo yemetadata eqalisa ukuchithwa kwenxalenye yedatha kwixesha elizayo xa i-drive ivuliwe.

I-drive ibuyiselwa kwindawo yayo kwaye umhlaseli ulinda de umsebenzisi adibanise ngokufaka igama eliyimfihlo. Ngethuba lokuvula umsebenzisi wesixhobo, inkqubo yoguqulelo lwe-encryption iqala ngasemva, apho inxalenye yedatha efihliweyo itshintshwa ngedatha efihliweyo. Kwakhona, ukuba umhlaseli uyakwazi ukufumana izandla zabo kwisixhobo kwakhona, enye yedatha kwi-drive iya kukhutshwa.

Ingxaki ichongiwe ngumgcini weprojekthi ye-cryptsetup kwaye ilungiswe kwi-cryptsetup 2.4.3 kunye ne-2.3.7 yohlaziyo.

Ubume bokwenziwa kohlaziyo ngesisombululo sengxaki kunikezelo kunokulandelelwa kula maphepha: RHELUSUSEFedoraUbuntuigophe. Ubuthathaka bubonakala kuphela ukususela ekukhutshweni kwe-cryptsetup 2.2.0, eyazisa inkxaso yokusebenza "kwe-intanethi recrypt". Ukuqala ngokhetho "-disable-luks2-reencryption" ingasetyenziswa njengesisombululo sokhuseleko.

Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga neendaba, ungajonga iinkcukacha kwi ukulandela ikhonkco.


Umxholo wenqaku uyabambelela kwimigaqo yethu imigaqo yokuziphatha yokuhlela. Ukuxela impazamo cofa apha.

Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa.

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.