Kwi-OpenSSH bacebisa ukuphelisa inkxaso yezitshixo ze-DSA

kuvulwa

I-OpenSSH yiseti yezicelo ezivumela unxibelelwano olufihliweyo kuthungelwano, kusetyenziswa iSSH protocol.

Kutshanje kubhengezwe, ngoluhlu lokuposa lweprojekthi ye-OpenSSH, i icetywe isicwangciso sokuphelisa inkxaso yezitshixo ezisekelwe kwi-algorithm ye-DSA.

Kuyakhankanywa ukuba esona sizathu ukuyeka ukuxhasa le algorithm, kungenxa yokuba ngoku Izitshixo ze-DSA aziboneleli ngenqanaba elaneleyo lokhuseleko, kunikwe umda wayo we-160-bit yesitshixo sabucala kunye nokusetyenziswa kwe-SHA1, leyo, ngokwemiqathango yokhuseleko, iphantse ilingane neqhosha le-80-bit symmetric.

I-DSA imele i-Digital Signature Algorithm. Isetyenziselwa utyikityo lwedijithali kunye nokuqinisekisa. Isekwe kwingqikelelo yezibalo yemodyuli yokucacisa kunye nelogarithm ecacileyo. Yaphuhliswa liZiko leSizwe leMigangatho kunye neTeknoloji (NIST) kwi-1991.

Ibandakanya imisebenzi emine:

1. IsiZukulwana esiPhambili

2. Ukusasazwa okuPhambili

3. Umsayino

4. Ukuqinisekisa uMsayino

Kufuneka sikhumbule ukuba kwi-OpenSSH Usetyenziso oluhlala lukhona lwezitshixo ze-DSA yayekwa ngo-2015, yagcinwa njengendlela yokukhetha, ekubeni le algorithm yayiyimfuneko ekuphunyezweni kwiprotocol ye-SSHv2. Le mfuno yavela ngenxa yokuba, ngexesha iprotocol ye-SSHv2 yayisenziwa kwaye yamkelwa, zonke iindlela ezizezinye zazixhomekeke kumalungelo awodwa omenzi wechiza. Nangona kunjalo, ekuhambeni kwexesha, imeko itshintshile: amalungelo abenzi anxulumene ne-RSA aphelelwe lixesha, kwaye i-algorithms efana ne-ECDSA kunye ne-EdDSA ziye zaziswa, ezidlula kakhulu i-DSA ekusebenzeni nokhuseleko.

I-DSA, njengoko kuchaziwe kwiprotocol ye-SSHv2, ibuthathaka ngokwendalo:
umda kwiqhosha labucala le-160-bit kunye nokusetyenziswa kwe-SHA1 digest. Ngaba
Uqikelelo lwenqanaba lokhuseleko <= 80-bit symmetric elingana.

I-OpenSSH iye yacima izitshixo ze-DSA ngokungagqibekanga ukusukela ngo-2015, kodwa iwagcine njengenkxaso yokuzikhethela kubo. I-DSA kuphela kwe-algorithm egunyazisiweyo ukuba iphunyezwe kwi-SSHv2 RFCs, ikakhulu ngenxa yokuba iindlela ezizezinye ze-algorithms zaye zafakwa kwi-patent xa yayiyilwa yaza yachazwa.

Ukususela ngoko, ihlabathi liye lahamba phambili. I-RSA ayinamqobo kwaye iyayixhasa
kuba ikho yonke indawo. I-ECDSA ibonelela ngomsebenzi obalulekileyo kunye neenzuzo zokhuseleko ngaphezu kwe-modp DSA kunye ne-EDDSA igqwesa ukusebenza okongeziweyo kunye nophuculo lokhuseleko kuzo zombini kwakhona.

Emva kokuvavanya imeko yangoku, Abaphuhlisi be-OpenSSH baye bagqiba ekubeni iindleko ezinxulumene nokugcina i-algorithm ye-DSA engakhuselekanga ayisathetheleleki. Ukususwa kwe-DSA kubonwa njengenkuthazo kwezinye iinkqubo ze-SSH kunye namathala eencwadi e-cryptographic ukuba nawo ayeke ukuxhasa i-DSA.

Ukongeza kuyo, isicwangciso sokuphelisa i-DSA kwikhowudi sele sipapashiwe ye-OpenSSH, ukususela ekuqaleni, njengoko sele kukhankanyiwe ekuqaleni, inkxaso yaphuma kwi-default ukuya kwi-option kunye nokuphambuka kuthathwe uguqulelo luka-Aprili lwezicwangciso ze-OpenSSH zokugcina ukuqulunqwa kwe-DSA, kodwa iya kunika ukukwazi ukukhubaza i-DSA ngexesha lokuhlanganiswa.

Emva koko, ukukhutshwa kukaJuni, i-DSA iya kukhutshazwa ngokungagqibekanga ngexesha lokwakha, kwaye iya kususwa kwi-codebase ekuqaleni kwe2025.

Ngaba oku akwenzi ukuba i-OpenSSH ingahambelani ne-RFC4253?

Kakhulu kakhulu kunokuba besinjalo ukusukela ngo-2015, xa sayekayo ukunika inkxaso ye-DSA ngokungagqibekanga.

* Kutheni usenza olu tshintsho ngoku? Kutheni kungenjalo ngaphambi/emva?

Sikholelwa ukuba ixesha elaneleyo lidlulile ukusukela oko i-DSA yacinywa ngokungagqibekanga, nto leyo ekhokelele ekuzikhwebuleni ekusebenziseni i-algorithm luninzi lwabasebenzisi. Kwakhona kunokwenzeka ukuba kungekudala siza kuqala ukuhlolisisa i-algorithm yesignesha ye-post-quantum kwaye siqaphele ubungakanani obupheleleyo kunye nobunzima beqhosha / ikhowudi yesignesha.

Okokugqibela, kukhankanyiwe ukuba abo basebenzisi basafuna inkxaso ye-DSA kwicala labaxumi, izakubanokhetho lokusebenzisa olunye ulwakhiwo lweenguqulelo ezindala ze-OpenSSH, njengempahla yeDebian ebonelelweyo "openssh-client-ssh1" Le phakheji, isekwe kwi-OpenSSH 7.5, yenzelwe ukuqhagamshela kwiiseva ze-SSH kusetyenziswa iprotocol ye-SSHv1, eyayekwa ukusetyenziswa kwi-OpenSSH 7.6 kwiminyaka emithandathu eyadlulayo.

ekugqibeleni ukuba ukhona unomdla wokwazi ngakumbi ngayo, Ngoko jonga iinkcukacha kwi ngokulandelayo unxibelelwano


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.