Isebe elitsha elizinzileyo leTor 0.4.1 sele linikezelwe

Kwiintsuku ezimbalwa ezidlulileyo yatyhilwa ngeposi yebhlog yeTor, kunyel Ukuqaliswa kwezixhobo zeTor 0.4.1.5 isetyenziselwa ukucwangcisa umsebenzi wenethiwekhi engaziwayo yeTor.

Le nguqulo intsha ye I-Tor 0.4.1.5 yamkelwe njengenguqulelo yokuqala ezinzileyo yesebe le-0.4.1, le ikhule kwiinyanga ezine ezidlulileyo. Isebe 0.4.1 iya kuhamba kunye nomjikelo wolondolozo rhoqo: Ukukhutshwa kohlaziyo kuya kunqunyanyiswa iinyanga ezili-9 okanye iinyanga ezi-3 emva kokukhutshwa kwesebe 0.4.2 kunye Ukongeza umjikelo wenkxaso ende uyabonelelwa (LTS) yesebe 0.3.5, Olunye uhlaziyo oluya kukhutshwa kude kube nguFebruwari 1, 2022.

Kulungiselelwe abo bangaziyo ngeprojekthi yeTor (Umzila wamatswele). Le projekthi injongo yayo iphambili kuphuhliso lwenethiwekhi isasazwa nge-latency ephantsi kwaye ibekwe phezulu kwi-intanethi, apho ukuhanjiswa kwemiyalezo phakathi kwabasebenzisi kungabonakalisi ubuni babo, Oko kukuthi, idilesi ye-IP (ukungaziwa kwinqanaba lomnatha womnatha) kwaye, ukongeza, igcina ukuthembeka kunye nemfihlo yolwazi oluhamba ngalo.

Inkqubo yenzelwe uguquko oluyimfuneko ukuze ikwazi ukumilisela uphuculo, isasazwe kwilizwe lokwenyani kwaye inokumelana neentlobo ezahlukeneyo zokuhlaselwa. Nangona kunjalo, inamanqaku abuthathaka kwaye ayinakuthathwa njengenkqubo engenangqondo.

Yintoni entsha kwisebe elitsha leTor 0.4.1

Ngokukhutshwa kwesebe elitsha elizinzileyo, Inkxaso yovavanyo lokugcwaliswa okunyusayo kwinqanaba leketheni yaphunyezwa, evumela ukomeleza ukhuseleko kwiindlela zokumisela ukugcwala kweTor.

Umthengi ngoku wongeza iiseli zokutsala ekuqaleni kwentshayelelo kunye neRENDEZVOUS imitya, eyenza ukugcwala kwezi ntambo kufane nokugcwala okuthe rhoqo.

Ngelixa iifayile ze ukhuseleko oluphuculweyo kukudityaniswa kweeseli ezimbini ezongeziweyo kwicala ngalinye kwimitya yeRENDEZVOUS, kunye neseli ephambili kunye neeseli ezili-10 eziphambili kwimitya ye-INTRODUCE. Indlela evuthayo xa i-MiddleNode icacisiwe kuqwalaselo kwaye inokukhubazeka kusetyenziswa i-CircuitPadding ukhetho.

Inkxaso eyongeziweyo yeeseli ze-SENDME eziqinisekisiweyo ukukhusela kuhlaselo lwe-DoS ngokusekwe kumthwalo xa umthengi ecela ukukhuphela iifayile ezinkulu kwaye iyeke ukusebenza kokufunda emva kokuthumela izicelo, kodwa iyaqhubeka nokuthumela imiyalelo yolawulo lwe-SENDME eyalela iindawo zokufaka ukuba ziqhubeke nokudlulisa idatha.

Iseli nganye ye-SENDME ngoku ibandakanya i-hash yezithuthi, eqinisekisa kwaye indawo yokugqibela, ekufumaneni iseli ye-SENDME, inokuqinisekisa ukuba elinye icala sele liyifumene itrafikhi ethunyelwe ngokuqhubekeka kweeseli ezidlulisiweyo.

Isakhelo sibandakanya ukumiliselwa kwenkqubo esezantsi ngokubanzi yokuthumela imiyalezo kwindlela yababhalisi-yababhalisi, enokusetyenziselwa ukuqulunqa unxibelelwano ngaphakathi kwemodyuli.

Ukuhlalutya imiyalelo yolawulo, inkqubo esezantsi yohlalutyo isetyenziswa endaweni yohlalutyo olwahlukileyo lwedatha yokufaka yomyalelo ngamnye.

La ukwenziwa komsebenzi Yenziwe ukunciphisa umthwalo kwi-CPU. I-Tor ngoku isebenzisa i-pseudo-random number generator ekhawulezayo (PRNG) kumjelo ngamnye, osekwe ekusetyenzisweni kwendlela yokubethela ye-AES-CTR kunye nokusetyenziswa kokubumba izinto ezinjengelayibrari kunye nekhowudi entsha ye-OpenBSD arc4random ().

De Olunye utshintsho lubhengezwe kweli sebe, sinokufumana:

  • Iziphumo ezincinane, umvelisi ocetywayo uphantse kali-100 ngokukhawuleza kune-CSPRNG ye-OpenSSL 1.1.1.
  • Ngaphandle kwento yokuba i-PRNG entsha ivavanywa ngabaphuhlisi beTor njenge-crypto ethembekileyo, ukuza kuthi ga ngoku isetyenziswa kuphela kwiindawo ezifuna ukusebenza okuphezulu, umzekelo kwikhowudi yokwenza inkqubo yokuncamathelisa eyongezelelweyo.
  • Yongezwe "- uluhlu-lweemodyuli" ukhetho lokubonisa uluhlu lweemodyuli ezibandakanyiweyo
  • Kwinguqulelo yesithathu yenkqubo efihliweyo yeenkonzo, umthetho we-HSFETCH waphunyezwa, owawusekelwa ngaphambili kuphela kuhlobo lwesibini.
  • Ukulungiswa kwe-bugs kwikhowudi yokuqalisa ye-Tor (bootstrap) kunye nokusebenza kwenguqulelo yesithathu yeprotocol yeenkonzo ezifihliweyo.

Umthombo: https://blog.torproject.org/


Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.