UJason A Donenfeld, umbhali we-VPN WireGuard yazise kwiintsuku ezimbalwa ezidlulileyo ukuphunyezwa okutsha ihlaziywe kwi-RDRAND random number generator, enoxanduva lokusebenza kwe / dev / random kunye / dev / urandom izixhobo kwi Linux kernel.
Ekupheleni kukaNovemba, uJason ufakwe kuluhlu lwabagcini be-random controller kwaye ngoku upapashe iziphumo zokuqala zomsebenzi wakhe wokuhlaziya.
Kukhankanyiwe kwisibhengezo sokuba ukuphunyezwa okutsha kugqamile ukutshintshela ekusebenziseni i-BLAKE2s hash function endaweni ye-SHA1 kwimisebenzi yokuxuba entropy.
I-BLAKE2s ngokwayo inepropati emnandi yokuba ngaphakathi esekelwe kwi
I-ChaCha permutation, apho i-RNG sele isetyenziselwa ukwandiswa, ngoko
kufuneka kungabikho ngxaki ngezinto ezintsha, imvelaphi, okanye iCPU emangalisayo
ukuziphatha njengoko kusekelwe kwinto esele isetyenziswa.
Ukongeza koku, kugxininiswa ukuba utshintsho kwakhona kuphuculwe ukhuseleko lwe-pseudo-random number generator ngokususa i-algorithm ye-SHA1 enzima kunye nokunqanda ukubhala ngaphezulu kwe-RNG yokuqalisa i-vector. Ekubeni i-algorithm ye-BLAKE2s iphambi kwe-SHA1 ekusebenzeni, ukusetyenziswa kwayo kuye kwaba nefuthe elihle ekusebenzeni kwe-pseudo-random number generator (uvavanyo kwinkqubo ene-Intel i7-11850H iprosesa ibonise ukunyuka kwe-131% kwisantya).
Enye i-advanteji ebalaseleyo yeyokutshintshela umxube we-entropy kwi-BLAKE2 kukudityaniswa kwe-algorithms esetyenzisiweyo: I-BLAKE2 isetyenziswe kwi-encryption ye-ChaCha, esele isetyenziselwa ukukhupha ukulandelelana okungahleliwe.
I-BLAKE2s ikhawuleza kwaye ngokuqinisekileyo ikhuselekile ngakumbi, iye yaphukile ngokwenene kakhulu. Ngaphandle koko, i Ulwakhiwo lwangoku kwi-RNG alusebenzisi umsebenzi opheleleyo we-SHA1, njengoko ixela, kwaye ivumela ukubhala ngaphezulu i-IV ngemveliso ye-RDRAND ngoko ayibhalwanga, nokuba iRDRAND ayimiselwanga njenge 'ithenjiweyo', yona emele ukhetho olunolunya olunokwenzeka lwe-IV.
Kwaye ubude bayo obufutshane buthetha ukugcina kuphela isiqingatha semfihlo xa usondla emva komxube isinika kuphela 2 ^ 80 amasuntswana emfihlo eya phambili. Ngamanye amazwi, hayi kuphela ukhetho lomsebenzi we-hash luphelelwe lixesha kodwa usetyenziso lwayo alulunganga ngenene.
Ukongezelela, uphuculo lwenziwe kwi-crypto-secure CRNG pseudo-random number generator esetyenziswe kwifowuni ye-gerandom.
Kukwakhankanywa ukuba uphuculo luyancitshiswa ukuze lucuthe umnxeba kwijenereyitha ye-RDRAND ucotha xa kutsalwa entropy, leyo Inokuphucula ukusebenza ngomlinganiselo we-3,7. UJason ubonise ukuba umnxeba oya kwi-RDRAND Kunengqiqo kuphela kwimeko apho i-CRNG ingakaqaliswa ngokupheleleyo, kodwa ukuba ukuqaliswa kwe-CRNG kugqityiwe, ixabiso layo alichaphazeli umgangatho womlambo owenziweyo kwaye kule meko kunokwenzeka ukwenza ngaphandle kokubiza i-RDRAND.
Oku kuzibophelela kujolise ekusombululeni ezi ngxaki zimbini kwaye, kwangaxeshanye, kugcinwe Ulwakhiwo jikelele kunye nesemantics ngokusondeleyo kangangoko kunokwenzeka kwintsusa.
Ngokukodwa:a) Endaweni yokubhala ngaphezulu i-hash IV nge-RDRAND, iya kuba njalo sibeka kwiinkalo ezibhaliweyo «ityuwa» kunye «nabasebenzi» ye-BLAKE2, ezi yenzelwe ngokukodwa olu hlobo losetyenziso.
b) Ekubeni lo msebenzi ubuyisela isiphumo sehashi epheleleyo kwi entropy umqokeleli, sibuyisela kuphela isiqingatha ubude Hash, njengoko bekusenziwa ngaphambili. Oku kwandisa imfihlo yokwakha kwangaphambili ye-2 ^ 80 a 2 ^ 128 ukhululeke ngakumbi.
c) Endaweni yokusebenzisa nje "sha1_transform" ekrwada umsebenzi, endaweni yoko sisebenzisa umsebenzi opheleleyo nofanelekileyo weBLAKE2s, ngokugqitywa.
Utshintsho lucwangciselwe ukufakwa kwi-kernel 5.17 kwaye sele sele ihlaziywe ngabaphuhlisi uTed Ts'o (owesibini ojongene nokugcina umlawuli ongahleliwe), uGreg Kroah-Hartman (onoxanduva lokugcina i-Linux kernel ezinzileyo) kunye noJean-Philippe Aumasson (umbhali we-BLAKE2 algorithms / 3).
Okokugqibela, ukuba unomdla wokwazi ngakumbi ngayo, ungajongana neenkcukacha kwi ukulandela ikhonkco.