Ungadlulisi ama-block ciphers amancane

Ama-block cipher amancane ama-symmetric encryption algorithms asebenza kumabhulokhi edatha angama-bits angu-64 noma ngaphansi, futhi ukuqonda amandla awo nemikhawulo kubalulekile kunoma yiliphi ibhizinisi eliphatha idatha ebucayi. Nakuba amasistimu amafa asathembela kuwo, izindinganiso zokuphepha zesimanje ziya ngokuya zifuna indlela yesu ekukhetheni i-cipher elinganisa ukuhambisana, ukusebenza, kanye nokuchayeka engozini.

Ayini Kahle Ama-Block Ciphers futhi Kungani Kufanele Amabhizinisi Anakekele?

I-block cipher ibethela izingxenyana zosayizi ongashintshi wombhalo osobala ube umbhalo we-ciphertext. Ama-block cipher amancane—lawo asebenzisa amabhulokhi angama-32- kuya ku-64-bit—ayeyindinganiso evelele amashumi eminyaka. I-DES, i-Blowfish, i-CAST-5, ne-3DES zonke ziwela kulesi sigaba. Aklanywe enkathini lapho izinsiza zokubala zaziyivelakancane, futhi osayizi bawo bebhulokhi abahlangene babonisa lezo zingqinamba.

Kumabhizinisi namuhla, ukuhambisana kwama-block ciphers akukona okufunda. Amasistimu ebhizinisi, amadivayisi ashumekiwe, ingqalasizinda yebhange lefa, nezinhlelo zokulawula zezimboni ngokuvamile zisebenzisa ama-ciphers afana ne-3DES noma i-Blowfish. Uma inhlangano yakho isebenzisa noma iyiphi yalezi zindawo—noma ihlanganisa nozakwethu abakwenzayo—usuvele uku-block cipher ecosystem encane, kungakhathaliseki ukuthi uyakuqonda noma cha.

Inkinga esemqoka yilokho ababhali be-cryptographers abakubiza umgomo wosuku lokuzalwa. Nge-block cipher engu-64-bit, ngemva cishe kwamagigabhayithi angu-32 edatha ebethelwe ngaphansi kokhiye ofanayo, amathuba okungqubuzana akhuphukela kumazinga ayingozi. Ezindaweni zedatha yesimanje lapho ama-terabytes egeleza kumasistimu nsuku zonke, lo mkhawulo weqe ngokushesha.

Iziphi Izingozi Zangempela Zokuvikela Eziboshelwe Kuma-Block Ciphers Amancane?

Ubungozi obuhlobene nama-block cipher amancane abhalwe kahle futhi ayaxhashazwa. Isigaba sokuhlasela esivelele kakhulu esokuhlasela kwe-SWEET32, esidalulwe abacwaningi ngo-2016. I-SWEET32 ibonise ukuthi umhlaseli ongakwazi ukuqapha ithrafikhi eyanele ebethelwe ngaphansi kwe-block cipher engu-64-bit (njenge-3DES ku-TLS) angakwazi ukuthola umbhalo osobala ngokungqubuzana kosuku lokuzalwa.

"Ukuvikeleka akukhona ngokugwema zonke izingcuphe—kumayelana nokuqonda ukuthi iziphi izingozi ozamukelayo nokwenza izinqumo ezinolwazi ngazo. Ukuziba usuku lokuzalwa kuma-block ciphers amancane akuyona ingozi ebaliwe; kuwukugada."

Ngaphandle kwe-SWEET32, ama-block cipher amancane abhekana nalezi zingozi ezibhaliwe:

• Vimba ukuhlasela kokushayisana: Uma amabhulokhi amabili emibhalo engenalutho ekhiqiza amabhlokhi afanayo e-ciphertext, abahlaseli bathola ukuqonda ngobudlelwano phakathi kwamasegimenti edatha, okungase kuvezwe amathokheni okuqinisekisa noma okhiye besikhathi.
• Ukuchayeka kwephrothokholi yefa: Ama-block cipher amancane ngokuvamile avela ekucushweni kwe-TLS okuphelelwe yisikhathi (TLS 1.0/1.1), okwandisa ubungozi bomuntu ophakathi nendawo ekusetshenzisweni kwamabhizinisi amadala.
• Ubungozi bokusebenzisa kabusha ukhiye: Amasistimu angajikelezi okhiye bokubethela ngokuvamile ngokwanele akhulisa inkinga yesibopho sosuku lokuzalwa, ikakhulukazi kumaseshini athatha isikhathi eside noma ukudluliswa kwedatha ngobuningi.
• Ukwehluleka kokuthobelana: Izinhlaka zokulawula ezifaka i-PCI-DSS 4.0, i-HIPAA, ne-GDPR manje ingase idikibalise ngokusobala noma ivimbele ngokuphelele i-3DES ezimweni ezithile, okuveza amabhizinisi engozini yokuhlola.
• Ukuchayeka kwe-Supply chain: Amalabhulali ezinkampani zangaphandle nama-API omthengisi angakabuyekezwa angase axoxisane buthule ngama-block cipher suite, adale ubungozi ngaphandle kokulawula kwakho okuqondile.

Ingabe Ama-block Cipher Amancane Aqhathaniswa Kanjani Nezinye Zesimanje Zokubhala Ngemfihlo?

I-AES-128 kanye ne-AES-256 isebenza kumabhulokhi angu-128-bit, iphindaphinda kane isilinganiso sosuku lokuzalwa uma siqhathaniswa namabhithi angu-64. Ngokwezinto ezibonakalayo, i-AES ingabhala ngemfihlo cishe amabhayithi angama-undecillion angama-340 ngaphambi kokuba ingozi yokubophezela usuku lokuzalwa ibe yinto ephawulekayo—isuse ngempumelelo ukukhathazeka kokushayisana kwanoma yimuphi umsebenzi ongokoqobo.

I-ChaCha20, enye indlela yesimanjemanje, iyi-cipher yokusakaza esusa ngokuphelele ukukhathazeka kosayizi webhulokhi futhi inikeze ukusebenza okukhethekile ku-Hardware ngaphandle kokusheshisa kwe-AES—okuyenza ilungele izindawo zamaselula kanye nokuthunyelwa kwe-IoT. I-TLS 1.3, izinga lamanje legolide lezokuphepha kwezokuthutha, isekela ngokukhethekile ama-cipher suites asekelwe ku-AES-GCM kanye ne-ChaCha20-Poly1305, isusa ama-block cipher amancane ekuxhumaneni okuphephile kwesimanje ngokuklama.

Impikiswano yokusebenza eyake yathanda ama-block cipher amancane nayo iwile. Ama-CPU esimanje ahlanganisa i-AES-NI hardware acceleration eyenza ukubethela kwe-AES-256 kusheshe kune-Blowfish esetshenziswa isofthiwe noma i-3DES cishe kuwo wonke ama-hardware ebhizinisi athengwe ngemva kuka-2010.

Iziphi Izimo Zomhlaba Wangempela Ezisathethelela Ukuqwashisa Nge-block Cipher Encane?

Ngaphezu kokuba sengozini, ama-block cipher amancane awanyamalala. Ukuqonda lapho ziphikelela khona kubalulekile ekuhloleni ubungozi okunembile:

Ukuhlanganiswa kwesistimu yefa kuhlala kuyisimo esiyinhloko sokusetshenziswa. Izindawo ze-Mainframe, i-SCADA endala kanye nezinhlelo zokulawula izimboni, namanethiwekhi ezezimali asebenzisa isofthiwe yamashumi eminyaka ubudala ngokuvamile awakwazi ukubuyekezwa ngaphandle kokutshalwa kwezimali okubalulekile konjiniyela. Kulezi zimo, impendulo akukhona ukwamukela ngokunganaki—ukunciphisa ubungozi ngokuzungezisa ukhiye, ukuqapha umthamo wethrafikhi, nokuhlukaniswa kwenethiwekhi.

Izindawo ezishumekiwe nezinomkhawulo kwesinye isikhathi zisavuna ukusetshenziswa kwe-compact cipher. Ezinye izinzwa ze-IoT nezinhlelo zokusebenza zamakhadi ahlakaniphile zisebenza ngaphansi kwememori nokucubungula izithiyo lapho ngisho ne-AES ingasebenzi. Ama-cipher anesisindo esingasindi eyakhelwe inhloso afana ne-PRESENT noma i-SIMON, adizayinelwe ngokukhethekile izingxenyekazi zekhompuyutha ezibambezelekile, anikeza amaphrofayela okuphepha angcono kunama-cipher angama-64-bit wefa kulezi zimo.

Ucwaningo lwe-Cryptographic nokuhlaziywa kwephrothokholi kudinga ukuqonda ama-block cipher amancane ukuze kuhlolwe kahle izindawo zokuhlasela kumasistimu akhona. Ochwepheshe bezokuphepha abenza izivivinyo zokungena noma abacwaninga ukuhlanganiswa kwezinkampani zangaphandle kufanele bakwazi kahle lokhu kuziphatha kwe-cipher.

Kufanele Amabhizinisi Alenze Kanjani Isu Lokubusa Lokubethela Okusebenzayo?

Ukuphatha izinqumo zokubethela kulo lonke ibhizinisi elikhulayo akuyona nje inkinga yobuchwepheshe—iyasebenza. Amabhizinisi asebenzisa amathuluzi amaningi, izinkundla, nokuhlanganiswa abhekene nenselelo yokugcina ukubonakala kokuthi idatha ibethelwa kanjani lapho iphumule futhi ithuthwa kuso sonke isitaki sawo.

Indlela ehlelekile ihlanganisa ukuhlola zonke izinsiza zokucushwa kwe-cipher suite, ukusebenzisa ubuncane be-TLS 1.2 (okuncanyelwayo kwe-TLS 1.3) kuwo wonke ama-endpoints, ukusetha izinqubomgomo eziyinhloko zokuzungezisa ezigcina amaseshini angu-64-bit cipher emfushane ngokwanele ukuze ahlale ngaphansi kwemikhawulo ebophezelekile usuku lokuzalwa, kanye nezinqubo zokuhlola ukwakhiwa komthengisi ezihlanganisa izimfuneko zohlu lwe-cryptographic ekuthengisweni.

Ukuhlanganisa imisebenzi yebhizinisi lakho ngenkundla ebumbene kunciphisa kakhulu inkimbinkimbi yokuphatha nge-cipher ngokunciphisa inani lamaphuzu okuhlanganiswa adinga ukubuyekezwa kokuvikeleka komuntu ngamunye.

Imibuzo Evame Ukubuzwa

Ingabe i-3DES isathathwa njengephephile ukuthi isetshenziswe ibhizinisi?

I-NIST yehlise ngokusemthethweni i-3DES kuze kube ngu-2023 futhi ayizange iyivumele izinhlelo zokusebenza ezintsha. Kuzinhlelo ezikhona zefa, i-3DES ingase yamukeleke ngokuzungezisa ukhiye oqinile (ukugcina idatha yesikhathi ingaphansi kuka-32GB ngokhiye ngamunye) kanye nezilawuli zeleveli yenethiwekhi, kodwa ukuthuthela ku-AES kunconywa kakhulu futhi kudingwa ngokwandayo yizinhlaka zokuthobelana.

Ngingathola kanjani ukuthi izinhlelo zami zebhizinisi zisebenzisa ama-block cipher amancane?

Sebenzisa amathuluzi okuskena we-TLS afana nokuhlolwa kweseva ye-SSL Labs' kumaphoyinti okugcina abheke esidlangalaleni. Ngamasevisi angaphakathi, amathuluzi okuqapha inethiwekhi anamandla okuhlola iphrothokholi angakwazi ukukhomba ukuxoxisana kwe-cipher suite kuthrafikhi ethwebuliwe. Ithimba lakho le-IT noma umxhumanisi wezokuvikela angasebenzisa ukuhlolwa kwe-cipher ngokumelene nama-API, isizindalwazi, namaseva ohlelo lokusebenza ukuze akhiqize uhlu oluphelele.

Ingabe ukushintshela ku-AES kudinga ukuthi ngibhale kabusha ikhodi yami yesicelo?

Ezimweni eziningi, cha. Imitapo yolwazi yesimanje yokubhala (i-OpenSSL, i-BouncyCastle, i-libsodium) yenza ukukhetha kwe-cipher kube ushintsho lokumisa esikhundleni sokubhala kabusha ikhodi. Umzamo oyinhloko wobunjiniyela uhilela ukubuyekeza amafayela okulungiselela, izilungiselelo ze-TLS, nokuhlola ukuthi idatha ekhona ebetheliwe ingathuthwa noma ibethelwe kabusha ngaphandle kokulahlekelwa idatha. Izinhlelo zokusebenza ezakhelwe phezu kwezinhlaka zamanje ngokuvamile ziveza ukukhetha kwe-cipher njengepharamitha, hhayi imininingwane yokusetshenziswa enekhodi eqinile.

Izinqumo zokubethela ezenziwe namuhla zichaza ukuma kwebhizinisi lakho kokuvikeleka iminyaka. I-Mewayz inika amabhizinisi akhulayo inkundla yokusebenza yamamojula angama-207—ehlanganisa i-CRM, ukumaketha, i-ecommerce, izibalo, nokunye—eyakhiwe nengqalasizinda eqaphela ukuphepha, ukuze ukwazi ukugxila ekukaleni esikhundleni sokuchibiyela ubungozi esitakini samathuluzi esihlukene. Joyina abasebenzisi abangu-138,000+ abaphethe ibhizinisi labo ngobuhlakani ku-app.mewayz.com, ngezinhlelo eziqala ku-$19/ngenyanga.