On Friday, March 15, 2019 at 12:25:37 PM UTC-7, ad...@adamcaudill.com wrote: > Daymion, > > (Apologies in advance if I've missed something that led to these results. > These results rely on the crt.sh database, which I will admit to being less > familiar with than I would like.) > > While recently looking at some randomly selected recent certificates from > this CA: https://crt.sh/?CAID=904, I noticed that it seemed that all had > serial numbers with the high bit set. This being unlikely, I took advantage > of the fact that crt.sh allows direct database access to get some more data - > and it looks like for several days, the certificates logged did indeed have > the high bit set in the serial number. > > For certificates with a notBefore of 2019-03-07 22:52:51 to 2019-03-13 > 02:01:15, it appears that all certificates had a serial number with the high > bit set; there are a little under 100,000 entries in the crt.sh database with > notBefore between those dates, all appear to be encoded to 9 bytes and with > the high bit set. > > For certificates with notBefore of 2019-03-13 02:01:16 and later, it appears > that the distribution returns to what would be expected based on the > selection criteria described. > > The odds of this happening by random chance being extremely remote - this > seems to indicate that there may have been an issue (and a loss of entropy). > > The data was pulled from the public crt.sh database, one day at a time, using > the following query: > > select > c.id, > x509_notBefore(c.CERTIFICATE), > x509_serialNumber(c.CERTIFICATE) > from certificate c > where > c.issuer_ca_id = 904 > and x509_notBefore(c.CERTIFICATE) between '2019-03-08'::date and > '2019-03-09'::date > limit 100000; > > On Wednesday, March 13, 2019 at 8:17:00 PM UTC-4, Daymion Reynolds wrote: > > > In accordance with our conversations to date, prior to 3/7 6:30pm AZ we > > utilized raw 64 bit output from CSPRING, with uniqueness and non zero > > checks. This new understanding of the rules calls for us to modify our > > original disclosure to 0 affected certificates.
Please read through earlier posts discussing this. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
