Daymion,

(Apologies in advance if I've missed something that led to these results. These results rely on the crt.sh database, which I will admit to being less familiar with than I would like.)

While recently looking at some randomly selected recent certificates from this CA: https://crt.sh/?CAID=904, I noticed that it seemed that all had serial numbers with the high bit set. This being unlikely, I took advantage of the fact that crt.sh allows direct database access to get some more data - and it looks like for several days, the certificates logged did indeed have the high bit set in the serial number.

For certificates with a notBefore of 2019-03-07 22:52:51 to 2019-03-13 02:01:15, it appears that all certificates had a serial number with the high bit set; there are a little under 100,000 entries in the crt.sh database with notBefore between those dates, and all appear to be encoded to 9 bytes and with the high bit set. For certificates with notBefore of 2019-03-13 02:01:16 and later, it appears that the distribution returns to what would be expected based on the selection criteria described.

The odds of this happening by random chance being extremely remote - this seems to indicate that there may have been an issue (and a loss of entropy).

The data was pulled from the public crt.sh database, one day at a time, using the following query:

    select c.id, x509_notBefore(c.CERTIFICATE), x509_serialNumber(c.CERTIFICATE)
    from certificate c
    where c.issuer_ca_id = 904
      and x509_notBefore(c.CERTIFICATE) between '2019-03-08'::date and '2019-03-09'::date
    limit 100000;

On Wednesday, March 13, 2019 at 8:17:00 PM UTC-4, Daymion Reynolds wrote:
> In accordance with our conversations to date, prior to 3/7 6:30pm AZ we
> utilized raw 64 bit output from CSPRNG, with uniqueness and non zero checks.
> This new understanding of the rules calls for us to modify our original
> disclosure to 0 affected certificates.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
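The check described in the post (high bit set on every serial, all encoded to 9 bytes) can be automated over the output of that crt.sh query. The following is an added example written for this discussion, not code from the poster or from the CA; it assumes psql's hex bytea output format (`\x...`) for `x509_serialNumber`, and the two sample sets it analyzes are constructed locally rather than pulled from crt.sh. It shows why a 64-bit serial with bit 63 set takes 9 DER bytes (a leading 0x00 is required to keep the INTEGER positive), so that the 9-byte length and the high bit are the same observation, and it reports how far an observed high-bit count sits from the 50% expected of uniform 64-bit CSPRNG output.

```python
import secrets
from math import sqrt


def der_integer_content(value: int) -> bytes:
    """Minimal DER content octets for a non-negative INTEGER (what crt.sh's
    x509_serialNumber returns). A leading 0x00 byte is added whenever the top
    bit of the first octet would otherwise be set, which is why a 64-bit serial
    with bit 63 set encodes to 9 bytes rather than 8."""
    if value < 0:
        raise ValueError("certificate serial numbers must be positive")
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw


def parse_crtsh_serial(text: str) -> bytes:
    """Parse a bytea value as psql prints it in hex mode, e.g. '\\x0080...'.
    Assumption: this is the format the crt.sh query in the post returns."""
    if text.startswith("\\x"):
        text = text[2:]
    return bytes.fromhex(text)


def inspect_serial(content: bytes, width_bits: int = 64) -> dict:
    """Encoded length plus whether the top bit of a width_bits-wide value is set."""
    value = int.from_bytes(content, "big")
    return {
        "encoded_len": len(content),
        "high_bit": bool((value >> (width_bits - 1)) & 1),
        "bits": value.bit_length(),
    }


def z_score(high_count: int, total: int) -> float:
    """Distance, in standard deviations, of the observed high-bit count from
    total/2, the expectation when bit 63 is a fair coin (binomial, p = 0.5)."""
    return (high_count - total / 2) / sqrt(total / 4)


def summarize(serials) -> dict:
    """Aggregate the per-serial checks over a batch of DER serial contents."""
    infos = [inspect_serial(s) for s in serials]
    n = len(infos)
    high = sum(i["high_bit"] for i in infos)
    nine = sum(i["encoded_len"] == 9 for i in infos)
    return {
        "total": n,
        "high_bit": high,
        "nine_byte": nine,
        "fraction_high": high / n,
        "z": z_score(high, n),
    }


def healthy_serial() -> int:
    """64 raw CSPRNG bits with a non-zero check, the process the quoted reply
    describes; about half of these will have bit 63 set."""
    while True:
        v = secrets.randbits(64)
        if v:
            return v


# Constructed samples (not crt.sh data). ANOMALOUS forces bit 63 on purely to
# exercise the detector; it makes no claim about how the real defect arose.
HEALTHY = [der_integer_content(healthy_serial()) for _ in range(2000)]
ANOMALOUS = [der_integer_content(healthy_serial() | (1 << 63)) for _ in range(2000)]

if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("anomalous", ANOMALOUS)):
        print(name, summarize(sample))
```

Feeding real query output is a matter of mapping `parse_crtsh_serial` over the serial column before calling `summarize`; a z-score in the tens for a day's batch is the signal the post is describing, whereas a healthy day sits within a few standard deviations of zero.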
While recently looking at some randomly selected recent certificates from this CA: https://crt.sh/?CAID=904, I noticed that it seemed that all had serial numbers with the high bit set. This being unlikely, I took advantage of the fact that crt.sh allows direct database access to get some more data - and it looks like for several days, the certificates logged did indeed have the high bit set in the serial number. For certificates with a notBefore of 2019-03-07 22:52:51 to 2019-03-13 02:01:15, it appears that all certificates had a serial number with the high bit set; there are a little under 100,000 entries in the crt.sh database with notBefore between those dates, all appear to be encoded to 9 bytes and with the high bit set. For certificates with notBefore of 2019-03-13 02:01:16 and later, it appears that the distribution returns to what would be expected based on the selection criteria described. The odds of this happening by random chance being extremely remote - this seems to indicate that there may have been an issue (and a loss of entropy). The data was pulled from the public crt.sh database, one day at a time, using the following query: select c.id, x509_notBefore(c.CERTIFICATE), x509_serialNumber(c.CERTIFICATE) from certificate c where c.issuer_ca_id = 904 and x509_notBefore(c.CERTIFICATE) between '2019-03-08'::date and '2019-03-09'::date limit 100000; On Wednesday, March 13, 2019 at 8:17:00 PM UTC-4, Daymion Reynolds wrote: > In accordance with our conversations to date, prior to 3/7 6:30pm AZ we > utilized raw 64 bit output from CSPRING, with uniqueness and non zero checks. > This new understanding of the rules calls for us to modify our original > disclosure to 0 affected certificates. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy