[7361] in cryptography@c2.net mail archive
RE: outlook certs - solved
daemon@ATHENA.MIT.EDU (Matt Thomlinson)
Thu Jun 22 14:40:21 2000
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01BFDAF6.49F169D2"
Date: Tue, 20 Jun 2000 13:29:52 -0700
Message-ID: <19398D273324D3118A2B0008C7E9A5690DB513E3@SIT.platinum.corp.microsoft.com>
From: "Matt Thomlinson" <mattt@Exchange.Microsoft.com>
To: <pgut001@cs.auckland.ac.nz>, "Pawel Krawczyk" <kravietz@alfa.ceti.pl>,
"Markku-Juhani Saarinen" <mjos@cc.jyu.fi>
Cc: <cryptography@c2.net>
This is a multi-part message in MIME format.
------_=_NextPart_001_01BFDAF6.49F169D2
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
I now believe you've decoded the below incorrectly because the leading
bit is set, making this a signed number which may have made some of your
tools croak. Decoding by hand, I get the following mod/exp:
=20
3047 0240 (asn, len, int tag, length of 40)
=20
modulus:
DFAA A0F4 0CA3 853E 6942 C98D AC3F 1257 4ADB 50CB 263F 99E0 A922 1166
CD1E 959C 34EF BC66 84DF E3F7 3C62 F6B0 7D20 FE89 3B52 846F DD21 E099
C187 A1E3 FE1B 14C3=20
=20
0203 (int tag, length of 3)
exponent:
0100 01
=20
note that the complement of DF =3D 20, AA =3D 55, which begins to look a =
lot
like the number you 'decoded' below.
BTW, I've had our research team check the above modulus (DFAA...) for
trivial factors. We found no prime divisors below 10 million.
mattt
-----Original Message-----
From: Pawel Krawczyk [mailto:kravietz@alfa.ceti.pl]
Sent: Tuesday, June 20, 2000 7:53 AM
To: Matt Thomlinson
Cc: Peter Gutmann; mjos@cc.jyu.fi
Subject: Re: outlook certs
On Mon, Jun 19, 2000 at 03:25:54PM -0700, Matt Thomlinson wrote:
> the person who factored the number -- is it possible that the modulus
> was byte-reversed and the number factored was just a random 511-bit
> number? This would be cake to understand if we actually had the cert
in
> question...
I've posted the cert to the list, but here it is:
-----BEGIN CERTIFICATE-----
MIIBSzCB/AIEN5gYKTAHBgUrDgMCAzAeMQswCQYDVQQGEwJQTDEPMA0GA1UEChMG
b2ktd2JkMCYXETAwMDYxMzA5NTQwMy0wMTAwFxEwMTEyMTQwOTU0MDMtMDEwMDBI
MQ8wDQYDVQQDEwZrdXJzMTAxEzARBgNVBAMTCnJlY2lwaWVudHMxDzANBgNVBAsT
Bm9pLXdiZDEPMA0GA1UEChMGb2ktd2JkMFkwCwYJKoZIhvcNAQEBA0oAMEcCQN+q
oPQMo4U+aULJjaw/EldK21DLJj+Z4KkiEWbNHpWcNO+8ZoTf4/c8YvawfSD+iTtS
hG/dIeCZwYeh4/4bFMMCAwEAATAHBgUrDgMCAwNBAIUwzaEwGZVC98cd+Bu/DsYv
9YAF7QQHPDSWyARgOqMzkGXJUCfBT3MWY8ir5pFxSnoJiOCtOiqE+UMPv+8tRhw=3D
-----END CERTIFICATE-----
And its dump by OpenSSL 0.9.5a:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 932714537 (0x37981829)
Signature Algorithm: md5WithRSA
Issuer: C=3DPL, O=3Doi-wbd
Validity
Not Before: Jun 13 09:54:03 2000
Not After : Dec 14 09:54:03 2001
Subject: CN=3Dkurs10, CN=3Drecipients, OU=3Doi-wbd, O=3Doi-wbd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (510 bit)
Modulus (510 bit):
20:55:5f:0b:f3:5c:7a:c1:96:bd:36:72:53:c0:ed:
a8:b5:24:af:34:d9:c0:66:1f:56:dd:ee:99:32:e1:
6a:63:cb:10:43:99:7b:20:1c:08:c3:9d:09:4f:82:
df:01:76:c4:ad:7b:90:22:de:1f:66:3e:78:5e:1c:
01:e4:eb:3d
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSA
85:30:cd:a1:30:19:95:42:f7:c7:1d:f8:1b:bf:0e:c6:2f:f5:
80:05:ed:04:07:3c:34:96:c8:04:60:3a:a3:33:90:65:c9:50:
27:c1:4f:73:16:63:c8:ab:e6:91:71:4a:7a:09:88:e0:ad:3a:
2a:84:f9:43:0f:bf:ef:2d:46:1c
--=20
Pawe=B3 Krawczyk <http://ceti.pl/~kravietz/>
------_=_NextPart_001_01BFDAF6.49F169D2
Content-Type: text/html;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-2">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.0.4397.0">
<TITLE>RE: outlook certs - solved</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=3D2>I now believe you've decoded the below incorrectly =
because the leading bit is set, making this a signed number which may =
have made some of your tools croak. Decoding by hand, I get the =
following mod/exp:</FONT></P>
<P><FONT SIZE=3D2> </FONT>
<BR><FONT SIZE=3D2>3047 0240 (asn, len, int tag, length of =
40)</FONT>
<BR><FONT SIZE=3D2> </FONT>
<BR><FONT SIZE=3D2>modulus:</FONT>
<BR><FONT SIZE=3D2>DFAA A0F4 0CA3 853E 6942 C98D AC3F 1257 4ADB 50CB =
263F 99E0 A922 1166 CD1E 959C 34EF BC66 84DF E3F7 3C62 F6B0 7D20 FE89 =
3B52 846F DD21 E099 C187 A1E3 FE1B 14C3 </FONT></P>
<P><FONT SIZE=3D2> </FONT>
<BR><FONT SIZE=3D2>0203 (int tag, length of 3)</FONT>
<BR><FONT SIZE=3D2>exponent:</FONT>
<BR><FONT SIZE=3D2>0100 01</FONT>
<BR><FONT SIZE=3D2> </FONT>
<BR><FONT SIZE=3D2>note that the complement of DF =3D 20, AA =3D 55, =
which begins to look a lot like the number you 'decoded' below.</FONT>
</P>
<P><FONT SIZE=3D2>BTW, I've had our research team check the above =
modulus (DFAA...) for trivial factors. We found no prime divisors below =
10 million.</FONT></P>
<BR>
<P><FONT SIZE=3D2>mattt</FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Pawel Krawczyk [<A =
HREF=3D"mailto:kravietz@alfa.ceti.pl">mailto:kravietz@alfa.ceti.pl</A>]</=
FONT>
<BR><FONT SIZE=3D2>Sent: Tuesday, June 20, 2000 7:53 AM</FONT>
<BR><FONT SIZE=3D2>To: Matt Thomlinson</FONT>
<BR><FONT SIZE=3D2>Cc: Peter Gutmann; mjos@cc.jyu.fi</FONT>
<BR><FONT SIZE=3D2>Subject: Re: outlook certs</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>On Mon, Jun 19, 2000 at 03:25:54PM -0700, Matt =
Thomlinson wrote:</FONT>
</P>
<P><FONT SIZE=3D2>> the person who factored the number -- is it =
possible that the modulus</FONT>
<BR><FONT SIZE=3D2>> was byte-reversed and the number factored was =
just a random 511-bit</FONT>
<BR><FONT SIZE=3D2>> number? This would be cake to understand if we =
actually had the cert in</FONT>
<BR><FONT SIZE=3D2>> question...</FONT>
</P>
<P><FONT SIZE=3D2>I've posted the cert to the list, but here it =
is:</FONT>
</P>
<P><FONT SIZE=3D2>-----BEGIN CERTIFICATE-----</FONT>
<BR><FONT =
SIZE=3D2>MIIBSzCB/AIEN5gYKTAHBgUrDgMCAzAeMQswCQYDVQQGEwJQTDEPMA0GA1UEChMG=
</FONT>
<BR><FONT =
SIZE=3D2>b2ktd2JkMCYXETAwMDYxMzA5NTQwMy0wMTAwFxEwMTEyMTQwOTU0MDMtMDEwMDBI=
</FONT>
<BR><FONT =
SIZE=3D2>MQ8wDQYDVQQDEwZrdXJzMTAxEzARBgNVBAMTCnJlY2lwaWVudHMxDzANBgNVBAsT=
</FONT>
<BR><FONT =
SIZE=3D2>Bm9pLXdiZDEPMA0GA1UEChMGb2ktd2JkMFkwCwYJKoZIhvcNAQEBA0oAMEcCQN+q=
</FONT>
<BR><FONT =
SIZE=3D2>oPQMo4U+aULJjaw/EldK21DLJj+Z4KkiEWbNHpWcNO+8ZoTf4/c8YvawfSD+iTtS=
</FONT>
<BR><FONT =
SIZE=3D2>hG/dIeCZwYeh4/4bFMMCAwEAATAHBgUrDgMCAwNBAIUwzaEwGZVC98cd+Bu/DsYv=
</FONT>
<BR><FONT =
SIZE=3D2>9YAF7QQHPDSWyARgOqMzkGXJUCfBT3MWY8ir5pFxSnoJiOCtOiqE+UMPv+8tRhw=3D=
</FONT>
<BR><FONT SIZE=3D2>-----END CERTIFICATE-----</FONT>
</P>
<P><FONT SIZE=3D2>And its dump by OpenSSL 0.9.5a:</FONT>
</P>
<P><FONT SIZE=3D2>Certificate:</FONT>
<BR><FONT SIZE=3D2> Data:</FONT>
<BR><FONT SIZE=3D2> Version: 1 =
(0x0)</FONT>
<BR><FONT SIZE=3D2> Serial =
Number: 932714537 (0x37981829)</FONT>
<BR><FONT SIZE=3D2> Signature =
Algorithm: md5WithRSA</FONT>
<BR><FONT SIZE=3D2> Issuer: =
C=3DPL, O=3Doi-wbd</FONT>
<BR><FONT SIZE=3D2> =
Validity</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; Not Before: Jun 13 09:54:03 2000</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; Not After : Dec 14 09:54:03 2001</FONT>
<BR><FONT SIZE=3D2> Subject: =
CN=3Dkurs10, CN=3Drecipients, OU=3Doi-wbd, O=3Doi-wbd</FONT>
<BR><FONT SIZE=3D2> Subject =
Public Key Info:</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; Public Key Algorithm: rsaEncryption</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; RSA Public Key: (510 bit)</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; Modulus (510 bit):</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; =
20:55:5f:0b:f3:5c:7a:c1:96:bd:36:72:53:c0:ed:</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; =
a8:b5:24:af:34:d9:c0:66:1f:56:dd:ee:99:32:e1:</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; =
6a:63:cb:10:43:99:7b:20:1c:08:c3:9d:09:4f:82:</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; =
df:01:76:c4:ad:7b:90:22:de:1f:66:3e:78:5e:1c:</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; 01:e4:eb:3d</FONT>
<BR><FONT =
SIZE=3D2> &nbs=
p; Exponent: 65537 (0x10001)</FONT>
<BR><FONT SIZE=3D2> Signature Algorithm: =
md5WithRSA</FONT>
<BR><FONT SIZE=3D2> =
85:30:cd:a1:30:19:95:42:f7:c7:1d:f8:1b:bf:0e:c6:2f:f5:</FONT>
<BR><FONT SIZE=3D2> =
80:05:ed:04:07:3c:34:96:c8:04:60:3a:a3:33:90:65:c9:50:</FONT>
<BR><FONT SIZE=3D2> =
27:c1:4f:73:16:63:c8:ab:e6:91:71:4a:7a:09:88:e0:ad:3a:</FONT>
<BR><FONT SIZE=3D2> =
2a:84:f9:43:0f:bf:ef:2d:46:1c</FONT>
</P>
<P><FONT SIZE=3D2>-- </FONT>
<BR><FONT SIZE=3D2>Pawe=B3 Krawczyk <<A =
HREF=3D"http://ceti.pl/~kravietz/">http://ceti.pl/~kravietz/</A>></FON=
T>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01BFDAF6.49F169D2--
