Especially in the context of the events of recent months, it is very welcome news that all communication through the popular WhatsApp application is now fully encrypted using the end-to-end method. A million active users of the service can now have a secure conversation, on both iOS and Android. Text messages, sent pictures and voice calls are encrypted.
The question is how bulletproof the encryption is. WhatsApp continues to handle all messages centrally and mediates the exchange of encryption keys. So if a hacker or a government wanted to access the messages, obtaining users' messages would not be impossible. In theory, it would be enough for them to get the company on their side or to attack it directly in some way.
For the ordinary user, encryption in any case means a big increase in the security of their communication, and it is a big step forward for the application. The technology of the well-known company Open Whisper is used for the encryption; WhatsApp has been testing encryption since November of last year. The technology is based on open-source code.
It's not clear to me why the encryption is centralized. Why doesn't WhatsApp let the two participants in the conversation exchange keys themselves?
In one sentence - usability for the BFU. With a fully independent key exchange it would be nice, but unusable.
Well, I meant under the hood. The ordinary user doesn't need to know about it at all.
I don't see any mention of centralized encryption anywhere, quite the opposite.
It used to be customary for the author of an article to edit the post based on a comment and to note briefly in the discussion that it had been "clarified".
However, the author of this article will have to change something.
In that case I apologize very much, I must have been seeing things. The error was between my computer and the wall.
Threema
I don't know what the author means by key mediation. As far as I know, and as stated in the article, WhatsApp has recently adopted the Signal protocol, which is based on the fact that each conversation involves a new key exchange via Diffie-Hellman and the generation of a new AES key and MAC. All of this happens on the client side and no one along the way can do anything about it, not even WhatsApp, which at most relays encrypted messages between users and can (and probably does) store and analyze metadata. Or am I missing something?
Hello, I'm not really an encryption expert and I didn't want to get into technical matters I don't really understand. Nevertheless, if I understand correctly, WhatsApp works with public keys that are used to encrypt the message. So, if an attacker managed, via WhatsApp, to slip his own encryption key to someone else, he could then decrypt the encrypted message.
Otherwise, you are right and I admit it without torture; you probably have the upper hand when it comes to encryption, and I'll be glad if you teach me.
Hello, it's a whole topic of its own, but I'll try to simplify it - the only thing stored on the WhatsApp server is a few of your public keys, which are used when a chat session is created between you and another person. It could be done without them, but these so-called prekeys make it possible, among other things, to create an encrypted session even if the other party is offline (which is a specialty of the Signal protocol; no other protocol can do it, at least as far as we know). The Signal protocol also includes a mechanism for reliably verifying the other party, to prevent someone from impersonating you. Symmetric cryptography is then used to encrypt the message itself, i.e. the message is encrypted and decrypted with the same key. This key is generated for every new message and WhatsApp (the company) has no access to it; it is generated on the end devices (hence End to End cryptography), which first perform a so-called handshake using the Diffie-Hellman protocol (specifically, ECDH). As a result of this handshake, both parties obtain a so-called shared secret, i.e. a large random number that is known to both parties but that no one else can eavesdrop on. Based on this shared secret, both parties can generate new encryption keys again and again, unique to each message. The input for generating such a key is not just the "shared secret" alone, but also the previous message. Thanks to this and other properties of the Signal protocol, so-called forward secrecy and future secrecy are ensured, i.e. even if someone obtains your encrypted message and somehow manages to break it in the future and gain access to the encryption key, they cannot decrypt any other message you sent.
I apologize if I wrote this in too much detail and repeated something you already know, and I hope I have cleared up the confusion. I'm not a cryptography expert, but by coincidence I have been dealing with this topic in some depth lately :) Nevertheless, if anyone finds mistakes in what I wrote, I'll be glad if you correct me.
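The per-message key derivation described in the comment above, as an added example that is not part of the original discussion and is not WhatsApp's or Signal's code: a simplified symmetric hash ratchet in which each message key comes from the previous chain state. The class and function names, the `example-chain-v1` label and the 32-byte shared secret are constructed for illustration; the secret stands in for the ECDH handshake output.

```python
import hashlib
import hmac


def kdf_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: return (next_chain_key, message_key).

    Uses HMAC-SHA256 with the constants 0x01 / 0x02, as suggested in the
    public Double Ratchet specification for a symmetric-key chain.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class ChainRatchet:
    """Per-party state: only the current chain key is ever kept."""

    def __init__(self, shared_secret: bytes):
        # Domain-separate the handshake output before using it as a chain key.
        self.chain_key = hmac.new(b"example-chain-v1", shared_secret,
                                  hashlib.sha256).digest()

    def next_message_key(self) -> bytes:
        # Overwriting the old chain key is what provides forward secrecy.
        self.chain_key, message_key = kdf_step(self.chain_key)
        return message_key


def keys_from_snapshot(chain_key: bytes, count: int) -> list[bytes]:
    """Message keys derivable, going forward, from a copied chain key."""
    keys = []
    for _ in range(count):
        chain_key, message_key = kdf_step(chain_key)
        keys.append(message_key)
    return keys


def demo() -> dict:
    shared_secret = bytes(range(32))  # constructed stand-in for ECDH output
    alice, bob = ChainRatchet(shared_secret), ChainRatchet(shared_secret)
    sent = [alice.next_message_key() for _ in range(4)]
    received = [bob.next_message_key() for _ in range(4)]
    # Model a device whose state is copied after message 2 was processed.
    copied = ChainRatchet(shared_secret)
    copied.next_message_key()
    copied.next_message_key()
    stolen = keys_from_snapshot(copied.chain_key, 2)
    return {
        "in_sync": sent == received,            # both ends agree, no server
        "all_distinct": len(set(sent)) == 4,    # one key per message
        "past_keys_exposed": any(k in stolen for k in sent[:2]),
        "later_keys_exposed": stolen == sent[2:],
    }
```

The copied state yields the keys for later messages but none of the earlier ones; closing that remaining window is why the Double Ratchet also mixes fresh Diffie-Hellman outputs into the chain.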
Thank you very much for the information, you explained it very clearly. Next time I'll be better equipped with knowledge ;)
Does this mean that WhatsApp no longer has a central history?
It has a central history, but each message is encrypted with a unique key that only the recipient of the message has.