On Sat, Sep 5, 2015 at 5:28 AM, Georgi Guninski <guninski@guninski.com> wrote: ...
This works with openssl 1.0.1p over SSL.
Attached is self signed cert and the priv. key.
Session:
./apps/openssl s_server -accept 8080 -cert ./cacert2.pem -key ./key-comp2.key -HTTP
openssl s_client -connect localhost:8080
Server public key is 1204 bit
Verify return code: 18 (self signed certificate)
sage: q=0x008000000000000000001d8000000000000000012b
sage: factor(q)
604462909807314587353111 * 1208925819614629174706189

Georgi,

just a quick note to thank you for sharing your research and taking time to verify your findings against OpenSSL. I've been researching cryptographic backdoors -- you may want to review this http://illusoryTLS.com/ -- and the lack of checks on group parameters, malicious or otherwise (*), is to me yet another cause for concern. Great catch!

(*) It would be interesting to look at the story of RFC-2631, as Bernstein, Lange, and Niederhagen did for the Dual EC standard https://projectbullrun.org/dual-ec/

Cheers,
-- Alfonso
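
An added example, not part of the original thread and not OpenSSL code: a primality check run on the q from the quoted Sage session, the kind of group-parameter validation the reply says is missing. The function names and the 160-bit minimum are assumptions made for illustration.

```python
import random

# q exactly as printed in the quoted Sage session, and the factors Sage reported.
Q = 0x008000000000000000001d8000000000000000012b
SAGE_FACTORS = (604462909807314587353111, 1208925819614629174706189)

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=40, rng=None):
    """Miller-Rabin test: False means n is certainly composite."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    rng = rng or random.Random(0)  # fixed seed so the example is reproducible
    d, s = n - 1, 0
    while d % 2 == 0:  # write n - 1 as d * 2**s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True


def check_group_order(q, min_bits=160):
    """Return reasons to reject q as a subgroup order (empty list = accept).

    min_bits is a hypothetical policy value chosen for this example.
    """
    problems = []
    if q.bit_length() < min_bits:
        problems.append(f"q is only {q.bit_length()} bits")
    if not is_probable_prime(q):
        problems.append("q is composite")
    return problems


if __name__ == "__main__":
    print(check_group_order(Q))                    # reasons to reject the quoted q
    print(SAGE_FACTORS[0] * SAGE_FACTORS[1] == Q)  # cross-check Sage's factorisation
```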