A Copy-Paste Bug Yakapwanya Pspice AES-256 Encryption | Mewayz Blog Skip to main content
Hacker News

A Copy-Paste Bug Yakapwanya Pspice AES-256 Encryption

Comments

8 min read Via jtsylve.blog

Mewayz Team

Editorial Team

Hacker News

A Copy-Paste Bug Yakapwanya Pspice AES-256 Encryption

Munyika yekuvandudzwa kwesoftware, kusasimba kwakanyanya kunowanzo kukonzerwa nekutadza kuoma kwealgorithmic, asi kubva nyore, kutarisisa kwevanhu. Chiyeuchidzo chakasimba chechokwadi ichi chakauya pachena kuburikidza nekukanganisa kwakanyanya kwakawanikwa muPSpice, iyo indasitiri-yakajairwa dunhu simulation software kubva kuCadence. Iyo bug, iyo yaigara mukuitwa kweiyo yakasimba AES-256 encryption algorithm, yaive neinonyadzisa yemazuvane kwakabva: kopi-paste kukanganisa. Chiitiko ichi chinosimbisa dambudziko repasi rose muinjiniya yesoftware uye rinoratidza kuti nei modular, mapuratifomu anotarisika seMewayz ari kuve akakosha pakuvaka masisitimu ebhizinesi akatsiga. Nyaya yebug iyi ingano yeyambiro pamusoro pemitengo yakavanzika yekudzokorodza kodhi uye kusasimba kwe monolithic software architecture.

The Anatomy yeCryptographic Catastrophe

The bug yakawanikwa mu `cryptlib` cryptography library inoshandiswa nePSpice kune yayo encryption features. Pakati payo, iyo Advanced Encryption Standard (AES) inoshanda mumataundi akawanda ekugadzirisa. Kune AES-256, kune gumi nemana akatenderera akadaro. Kutenderera kwega kwega kunoda chaiyo "kutenderera kiyi," inotorwa kubva kune yekutanga encryption kiyi kuburikidza nemaitiro anonzi kiyi kuwedzera. Basa remugadziri raive rekunyora loop yekushandisa aya 14 rounds. Nekudaro, pachinzvimbo cheyakachena, iterative loop, iyo kodhi yakarongedzwa nemabhuraki maviri akada kufanana: imwe yekutanga mapfumbamwe kutenderera uye imwe yekupedzisira mashanu. Munguva yekukopa-uye-paste oparesheni, mutsara wakakomba wekodhi unoita nhanho yekutsiva wakasiiwa netsaona kubva pachikamu chechipiri. Izvi zvaireva kuti pamaraundi mashanu ekupedzisira ekuvharidzira, chikamu chakakosha cheAES algorithm chakangosvetwa, zvichiita kuti encryption iite zinyekenyeke.

Sei Monolithic Codebites Ari Kuberekera Nzvimbo dzeBugs

Kukanganisa uku kwakaramba kusingaonekwe kwemakore nekuti yakavigwa mukati mehombe, monolithic codebase. Munzvimbo dzakadai, modhi imwechete senge `cryptlib` yakarukwa zvakasimba mujira rekushandisa, zvichiita kuti kuyedzwa kwega uye kuomerwa kuome. Iyo logic ye encryption rounds yanga isiri yega, inoyedzeka nyore unit asi chidimbu chepuzzle yakakura. Uku kushomeka kwe modularity ndiyo yekutanga njodzi chinhu chebhizinesi software. Inogadzira mapofu apo kukanganisa kuri nyore mune rimwe basa kunogona kukanganisa kuchengetedzeka kwehurongwa hwese, senge chinhu chimwe chakakanganisika chinogona kumisa mutsara wakaoma wekugadzira. Apa ndipo apo huzivi kuseri kwemodular bhizinesi OS seMewayzinopa imwe nzira inomanikidza. Nekugadzira masisitimu ane discrete, anotsiviwa mamodule, mabhizinesi anogona kutsaura mashandiro, zvichiita kuti zvikamu zvega zvega zvive nyore kuongorora, kuyedza, uye kugadzirisa pasina njodzi yekuparara kwehurongwa.

Zvidzidzo Zvekuvandudza Software Yemazuva Ano

Chipembenene chePSpice chinodzidzisa zvidzidzo zvakati wandei zvakakosha zvinotambanudzira kure kure sedunhu simulation software:

  • Njodzi Yekudzokorodza: Copy-pasting code ine mukurumbira wakaipa wekukanganisa. Kudzokorora kwega kwega inzvimbo inogoneka yekusiyana kweramangwana uye sumo yebug.
  • Unit Testing haitaurike: Yekuongorora yakazara yeAES encryption function, kutarisa zvinobuda zvichitarisana neanozivikanwa mavector akabatiswa, zvingadai zvakabata izvi ipapo ipapo.
  • Code Ongororo Inochengetedza Masisitimu: Meso maviri echipiri, kunyanya pazvikamu zvakakosha pakuchengetedza, ndeimwe yenzira dzinoshanda dzekubata tsikidzi.
  • Kupfava Pamusoro Pekungwara: Yakareruka, yakajeka loop yemaround gumi nemana ingadai isina kukanganisa zvakanyanya pane iyo split-block structure.
"Kusagadzikana uku kunoratidza kuti simba rekristptosystem harisi chete mumasvomhu egorgorithm asi zvakaenzana mukururama kwekushandiswa kwayo. Kutsvedza kumwe chete mukodhi kunogona kuderedza AES-256 kusvika pamwero wekushaya simba kuduku kuputsa." - Chengetedzo Muongorori Kuongorora

Kuvaka paNheyo yeModular Kutendeseka

Kudonha kwebug iyi kwaida kuti Cadence ibudise chigamba chakakosha, zvichimanikidza mafemu einjiniya asingaverengeki kuti agadzirise software yavo yakakosha. Kuvhiringidza uye njodzi inogona kuitika yekuchengeteka yakanga yakakosha. Kune mabhizinesi nhasi, kuvimba nemonolithic, dema-bhokisi software inotakura njodzi dzekushanda. A platform yakafanana neMewayz inotaura izvi nekubata mabasa makuru ebhizimisi-kubva pakubata data kusvika kune kuchengetedzwa kweprotocol - semamodule akazvimirira mukati mehutano hwekushanda. Ichi chivakwa chinobvumira kuenderera, kwakasarudzika kusimbiswa kwechimwe nechimwe chikamu. Kana kusadzivirirwa kukawanikwa mune imwe module, inogona kugadzirwa kana kuchinjika pasina kubvisa bhizinesi rese mafambiro. Muchidimbu, Mewayz inosimudzira rudzi rwekuchena, kuchengetedzeka, uye kuverengeka software dhizaini inodzivirira "copy-paste tsikidzi" kubva pakuva matambudziko ebhizinesi, kuona kuti kuvimbika kwebhizinesi rako hakumbokanganiswe nechikanganiso chimwe chete.

💡 DID YOU KNOW?

Mewayz replaces 8+ business tools in one platform

CRM · Invoicing · HR · Projects · Booking · eCommerce · POS · Analytics. Free forever plan available.

Start Free →

Mibvunzo Inowanzo bvunzwa

A Copy-Paste Bug Yakapwanya Pspice AES-256 Encryption

Munyika yekuvandudzwa kwesoftware, kusasimba kwakanyanya kunowanzo kukonzerwa nekutadza kuoma kwealgorithmic, asi kubva nyore, kutarisisa kwevanhu. Chiyeuchidzo chakasimba chechokwadi ichi chakauya pachena kuburikidza nekukanganisa kwakanyanya kwakawanikwa muPSpice, iyo indasitiri-yakajairwa dunhu simulation software kubva kuCadence. Iyo bug, iyo yaigara mukuitwa kweiyo yakasimba AES-256 encryption algorithm, yaive neinonyadzisa yemazuvane kwakabva: kopi-paste kukanganisa. Chiitiko ichi chinosimbisa dambudziko repasi rose muinjiniya yesoftware uye rinoratidza kuti nei modular, mapuratifomu anotarisika seMewayz ari kuve akakosha pakuvaka masisitimu ebhizinesi akatsiga. Nyaya yebug iyi ingano yeyambiro pamusoro pemitengo yakavanzika yekudzokorodza kodhi uye kusasimba kwe monolithic software architecture.

The Anatomy of a Cryptographic Catastrophe

The bug yakawanikwa mu `cryptlib` cryptography library inoshandiswa nePSpice kune yayo encryption features. Pakati payo, iyo Advanced Encryption Standard (AES) inoshanda mumataundi akawanda ekugadzirisa. Kune AES-256, kune gumi nemana akatenderera akadaro. Kutenderera kwega kwega kunoda chaiyo "kutenderera kiyi," inotorwa kubva kune yekutanga encryption kiyi kuburikidza nemaitiro anonzi kiyi kuwedzera. Basa remugadziri raive rekunyora loop yekushandisa aya 14 rounds. Nekudaro, pachinzvimbo cheyakachena, iterative loop, iyo kodhi yakarongedzwa nemabhuraki maviri akada kufanana: imwe yekutanga mapfumbamwe kutenderera uye imwe yekupedzisira mashanu. Munguva yekukopa-uye-paste oparesheni, mutsara wakakomba wekodhi unoita nhanho yekutsiva wakasiiwa netsaona kubva pachikamu chechipiri. Izvi zvaireva kuti pamaraundi mashanu ekupedzisira ekuvharidzira, chikamu chakakosha cheAES algorithm chakangosvetwa, zvichiita kuti encryption iite zinyekenyeke.

Sei Monolithic Codebites Ari Kuberekera Nzvimbo dzeBugs

Kukanganisa uku kwakaramba kusingaonekwe kwemakore nekuti yakavigwa mukati mehombe, monolithic codebase. Munzvimbo dzakadai, modhi imwechete senge `cryptlib` yakarukwa zvakasimba mujira rekushandisa, zvichiita kuti kuyedzwa kwega uye kuomerwa kuome. Iyo logic ye encryption rounds yanga isiri yega, inoyedzeka nyore unit asi chidimbu chepuzzle yakakura. Uku kushomeka kwe modularity ndiyo yekutanga njodzi chinhu chebhizinesi software. Inogadzira mapofu apo kukanganisa kuri nyore mune rimwe basa kunogona kukanganisa kuchengetedzeka kwehurongwa hwese, senge chinhu chimwe chakakanganisika chinogona kumisa mutsara wakaoma wekugadzira. Apa ndipo apo huzivi kuseri kwe modular bhizinesi OS seMewayz inopa imwe inomanikidza. Nekugadzira masisitimu ane discrete, anotsiviwa mamodule, mabhizinesi anogona kutsaura mashandiro, zvichiita kuti zvikamu zvega zvega zvive nyore kuongorora, kuyedza, uye kugadzirisa pasina njodzi yekuparara kwehurongwa.

Zvidzidzo zveMafambiro eSoftware Yemazuva Ano

Chipembenene chePSpice chinodzidzisa zvidzidzo zvakati wandei zvakakosha zvinotambanudzira kure kure sedunhu simulation software:

Kuvaka paNheyo yeModular Kutendeseka

Kudonha kwebug iyi kwaida kuti Cadence ibudise chigamba chakakosha, zvichimanikidza mafemu einjiniya asingaverengeki kuti agadzirise software yavo yakakosha. Kuvhiringidza uye njodzi inogona kuitika yekuchengeteka yakanga yakakosha. Kune mabhizinesi nhasi, kuvimba nemonolithic, dema-bhokisi software inotakura njodzi dzekushanda. Ipuratifomu yakaita seMewayz inogadzirisa izvi nekubata zvakakosha bhizinesi mabasa-kubva pakubata data kusvika kune yekuchengetedza mapuroteni - semamodule akazvimirira mukati meyakabatana inoshanda sisitimu. Ichi chivakwa chinobvumira kuenderera, kwakasarudzika kusimbiswa kwechimwe nechimwe chikamu. Kana kusadzivirirwa kukawanikwa mune imwe module, inogona kugadzirwa kana kuchinjika pasina kubvisa bhizinesi rese mafambiro. Muchidimbu, Mewayz inosimudzira rudzi rwekuchena, kuchengetedzeka, uye kuverengeka software dhizaini inodzivirira "copy-paste tsikidzi" kubva pakuva matambudziko ebhizinesi, kuona kuti kuvimbika kwebhizinesi rako hakumbokanganiswe nechikanganiso chimwe chete.

Wagadzirira Kurerutsa Mashandiro Ako?

Kunyangwe uchida CRM, invoicing, HR, kana ese mazana maviri nemamodule 208 — Mewayz yakakupa. 138K+ mabhizinesi akatochinja.

Tanga Mahara →