Manajan kalmomin shiga ba su da aminci kamar yadda suke da'awa

Darkcrizt

5 minti

kalmar wucewa-manajan-sake farawa_2018

Haɗin kan layi ya zama da yawa tun daga shekara ta 2010, musamman da zuwan kafofin sada zumunta. Yawancin sabis na kan layi suna ƙarfafa masu amfani kada su yi amfani da kalmar sirri iri ɗaya a ko'ina.

Anan ne manajan kalmar shiga suke shigowa don taimakawa masu amfani su kiyaye dukkan kalmomin shiga da suke da su a tsakiya tare da matakan tsaro (ƙara metadata da ƙari da yawa).

Yaya ake amfani da mai sarrafa kalmar sirri?

Manajan kalmar shiga ba da damar adanawa da dawo da bayanan sirri daga rumbun adana bayanai.

Masu amfani sun amintar da su don ba da garantin tsaro mafi ƙarfi daga ɓoyayyen bayanan mara mahimmanci idan aka kwatanta da sauran hanyoyin adana kalmomin shiga, kamar fayilolin rubutu marasa tsaro.

Watau, manajojin kalmar wucewa na iya ajiye dukkan kalmomin shiga da kuka yi amfani da su a Intanet a wuri guda, don haka suna da matukar amfani.

Ba komai bane kamar yadda suke zana shi

Da aka faɗi haka, ƙungiyar masu gwajin tsaro masu zaman kansu, ISE ya ruwaito wannan makon cewa wasu mashahuran manajan kalmar sirri suna da wasu lahani ana iya amfani da su don satar bayanan asali daga masu amfani, a zaton har yanzu ba a yi amfani da su ta wasu kamfanoni ba.

A rahoton da kungiyar ta gabatar, ya bayyana tabbacin tsaro da manajojin kalmar wucewa ya kamata su bayar tare da bincika tushen aikin sanannun manajan kalmar sirri biyar.

Ba ma kyauta software

Waɗannan su ne manajan kalmar wucewa 1Password, Keepass, Dashlane, da LastPass. Duk waɗannan manajojin kalmar sirri da aka jera a ƙasa suna aiki iri ɗaya, in ji su.

Masu amfani suna shigar ko ƙirƙirar kalmomin shiga a cikin software kuma suna ƙara metadata mai dacewa (alal misali, amsoshin tambayoyin tsaro da shafin da aka tsara kalmar sirri).

An ɓoye wannan bayanin sannan sai a sake ɓoyewa kawai lokacin da ya zama dole don allo ya watsa shi zuwa toshe-burauzar da ke cika kalmar shiga kan gidan yanar gizo ko kwafe ta zuwa allo don amfani.

Ga kowane ɗayan waɗannan masu gudanarwa, kungiyar ta bayyana jihohi uku na kasancewar: ba gudu ba, budewa, da kullewa.

A cikin jihar farko, manajan kalmar sirri dole ne tabbatar da ɓoyewa ta yadda muddin mai amfani bai yi amfani da kalmar wucewa mara ma'ana ba, mai kawo hari ba zai iya zato kalmar sirri ta kalmar sirri ba zato ba tsammani.

A cikin jiha ta biyu, bazai zama mai yiwuwa a cire kalmar wucewa ta asali daga ƙwaƙwalwar ajiya ba kai tsaye ko kuma a kowace hanya don dawo da kalmar sirri ta asali.

Kuma a cikin jiha ta uku, duk tabbacin tsaro na manajan kalmar sirri da ba ya aiki dole ne a yi amfani da shi ga manajan kalmar sirri a cikin jihar da aka kulle.

A cikin nazarin su, masu gwajin sun yi iƙirarin sun bincika tsarin algorithm da kowane manajan kalmar sirri ke amfani da shi don canza kalmar sirri ta maɓallin zuwa maɓallin ɓoyewa kuma cewa algorithm ɗin ba shi da rikitarwa don tsayayya da hare-haren fashewar yau.

Akan nazarin masu gudanar da tsaro

A game da 1Password 4 (sigar 4.6.2.628), binciken aikinsa na tsaro ya sami kariyar da ta dace game da shigar da kalmomin shiga kowane mutum a cikin jihar da aka bude.

Abun takaici, wannan ya wuce ta hanyar sarrafa kalmar sirri ta sirri da kuma yadda aka karya cikakkun bayanan aiwatarwa yayin tafiya daga jihar da aka bude zuwa jihar kulle. Babban kalmar sirri tana cikin ƙwaƙwalwar ajiya.

Saboda haka, 1Password master password za'a iya dawo dashi tunda ba'a goge shi daga memori ba bayan sanya manajan kalmar wucewa a cikin kulle.

Shan 1Password (sigar 7.2.576), Abin da ya ba su mamaki shi ne cewa sun gano hakan ba shi da amintacciyar gudana fiye da 1Password a sigar da ta gabata fiye da 1Password 7 tunda ta tsinke duk wasu lambobin sirri a cikin bayanan suna gwada bayanan da zaran an bude su kuma adana su, sabanin 1Password 4 wacce ta adana shigarwa daya a lokaci guda.

Hakanan gano cewa 1Password 7 baya share kalmomin shiga kowane mutum, ba ma kalmar sirri ba, ko maɓallin ƙwaƙwalwar ajiya yayin ɓoyewa daga jihar da aka buɗe zuwa jihar kulle.

Bayan haka, a cikin binciken Dashlane, matakan sun nuna cewa an fi mai da hankali kan ɓoye asirin cikin ƙwaƙwalwa don rage haɗarin cirewa.

Kari akan haka, amfani da GUI da madogara masu tunatarwa wadanda suka hana watsa sirri ga APIs na tsarin aiki daban ya kasance na Dashlane kuma yana iya bijirar da su ta hanyar sauraran bayanan ta hanyar malware.

Linux ba banda bane

Ba kamar sauran manajojin shiga ba, KeePass aiki ne na bude hanya. Mai kama da 1Password 4, KeePass yana warware shigarwar yayin da suke ma'amala.

Koyaya, dukansu suna cikin ƙwaƙwalwa saboda ba a share su daban-daban bayan kowace ma'amala. An share kalmar sirri ta asali daga ƙwaƙwalwar ajiya kuma ba za'a iya dawo da ita ba.

Koyaya, yayin da KeePass ke ƙoƙari don ɓoye asirin ta hanyar share su daga ƙwaƙwalwar ajiya, a bayyane yake akwai wasu kwari a cikin waɗannan ayyukan aiki, saboda mun gano, sun ce, cewa koda a cikin yanayin kulle, za mu iya fitar da abubuwan da ta yi hulɗa da su.

Abubuwan da aka katse suna cikin ƙwaƙwalwar ajiya koda bayan an sanya KeePass a cikin yanayin kulle.

A ƙarshe, kamar yadda yake a cikin 1Password 4, LastPass yana ɓoye maɓallin kalmar sirri lokacin da aka shigar dashi cikin filin buɗewa.

Da zarar an samo mabuɗin yanke hukunci daga kalmar wucewa ta babban, ana maye gurbin kalmar sirri ta kalmar "lastpass".

Source: masu kimantawa


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Alhakin bayanai: AB Internet Networks 2008 SL
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.

  1.   m m
    sa 5 shekaru

    Bai kamata a adana kalmomin shiga a ko'ina ba banda littafin rubutu da aka rubuta da alkalami ... sauran kuwa kamar labarin kawun ne.

    Amsa wa ba a sani ba
  2.   Paco m
    sa 5 shekaru

    kwata-kwata yarda, a matsayin littafin rubutu babu komai tunda yana da ɗan wahala ga masu fashin kwamfuta
    shiga gidanka sata littafin rubutu

    Amsa wa Paco
  3.   lux m
    sa 5 shekaru

    Menene zai zama mai gudanarwa mafi aminci?

    Amsa zuwa luix
  4.   weedhat m
    sa 5 shekaru

    Exarin ƙari, a bayyane yake cewa mai kula da kalmar sirri ba shi da aminci 100%, saboda babu abin da ke amintacce 100% gent Duk da haka, koyaushe zai fi aminci amfani da mai sarrafa kalmar sirri fiye da rashin amfani da shi. Fensir da takarda? Babu ma'ana sai dai idan kuna da kalmomin shiga 3 ko 4 kawai, amma ga mutane irina da suke da asusu 50, 100 ko fiye da haka a wurare daban-daban hakan ba ya da ma'ana ko kadan, a kan haka dole ne mu kara cewa idan kun rasa takarda ko , ka musu ban kwana da rayuwarka ta dijital. A cikin 2019 bashi da ma'anar ma'ana don adana kalmarka ta sirri a ko'ina ban da girgije, duk an ɓoye su yadda ya kamata. Lastpass shine mafi aminci abin amfani a yau, duk wanda yayi da'awar akasin haka bai san abin da suke magana ba, kawai matsakaici ne mai amfani. Gaisuwa.

    Amsa wa Weedhat
  5.   martin m
    sa 5 shekaru

    Ina amfani https://bitwarden.com/ Menene rahoton wannan manajan kalmar wucewa ya ce?

    Amsa wa martin