Re: [cryptography] can the German government read PGP and ssh traffic?

2012-06-06 Thread Jim Fenton
On 6/2/12 6:15 AM, Joe St Sauver wrote:
> ianG asked:
>
> #Would it be possible to describe in general words what LOA-1 thru 4 entails?
>
> I hesitate to try to do so. The definitive answer can be found in
> http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

The latest version, issued last December, is SP 800-63 Rev 1:

http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf

-Jim
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] Microsoft Sub-CA used in malware signing

2012-06-06 Thread Marsh Ray

On 06/05/2012 07:21 AM, Douglas Pichardo wrote:

> The last link below [http://rmhrisk.wpengine.com/?p=52] points out that
> the sub-CA's were issued with constraints granting them:
> - License Server Verification (1.3.6.1.4.1.311.10.6.2)
> - Key Pack Licenses (1.3.6.1.4.1.311.10.6.1)
> - Code Signing (1.3.6.1.5.5.7.3.3)
>
> But I don't see any constraints at all listed in the MS.txt certificate
> you attached from
> [http://blog.crysys.hu/2012/06/the-flame-malware-wusetupv-exe-certificate-chain/].
> Am I missing something here?


No you're not. There aren't any.

This is true not only for the evil cert, but also for Genuine 
Microsoft^TM Terminal Services License Server license certs. You can 
find examples with http://www.google.com/search?q=06+01+04+01+82+37+12;

Attached are a couple of examples found this way.

Ryan Hurst has more good detailed analyses on the MSTS licensing PKI 
goof based on a Genuine Microsoft^TM cert.

http://rmhrisk.wpengine.com/?p=57 and
http://rmhrisk.wpengine.com/?p=60

Marc Stevens and B.M.M. de Weger (of 
http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the 
collision in the evil CN=MS cert. I'm sure they'll have a full report at 
some point. Until then, they have said this:

[We] have confirmed that flame uses a yet unknown md5 chosen-prefix
collision attack. We are interested in other possible certs based
on this md5 coll attack for further analysis. I am now analyzing
their chosen-prefix collision attack in more detail, (more examples
would greatly help) and trying to write up some results and
conclusions to make a more detailed statement. The collision
attack itself is very interesting from a scientific viewpoint
and there are already some practical implications.


Didier Stevens has posted the full chain at

http://blog.didierstevens.com/2012/06/06/flame-authenticode-dumps-kb2718704/


There is a mystery cert CN=TLS Server in the executable. It does not 
appear to have a tumor. It's attached here. Perhaps someone can figure 
out what it's for.


- Marsh

P.S. The first couple of 64-byte blocks here are the tumor. For some 
reason, it does not show up with 'openssl x509 -text' or even 'openssl 
asn1parse -dump'.



  500:d=2  hl=4 l= 888 prim:   cont [ 1 ]
dd if=MS.der bs=1 skip=500 count=888 | hd
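The P.S. above locates the data in a primitive `cont [ 1 ]` element (hl=4, l=888); in RFC 5280's TBSCertificate, context tag [1] is issuerUniqueID, [2] is subjectUniqueID and [3] is extensions. The following is an added example, not part of the original message: a minimal DER walker that reports unique-ID fields and whether an extensions field is present. The function names and both sample byte strings are constructed for illustration.

```python
# Added example: minimal DER walker for unique-ID fields in a TBSCertificate.
NAMES = {1: "issuerUniqueID", 2: "subjectUniqueID"}  # RFC 5280 context tags

def read_tlv(buf, off):
    """Return (tag, header_len, content_len) of the DER element at off."""
    if off + 2 > len(buf) or buf[off] & 0x1F == 0x1F:
        raise ValueError("truncated element or multi-byte tag")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        return tag, 2, first
    n = first & 0x7F
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    return tag, 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def audit_tbs(der):
    """Report unique-ID fields as (name, offset, hl, l) and whether [3] exists."""
    tag, hl, _ = read_tlv(der, 0)                  # outer Certificate SEQUENCE
    tbs_tag, tbs_hl, tbs_len = read_tlv(der, hl)   # TBSCertificate SEQUENCE
    off, end = hl + tbs_hl, hl + tbs_hl + tbs_len
    if tag != 0x30 or tbs_tag != 0x30 or end > len(der):
        raise ValueError("not a complete certificate")
    unique_ids, has_ext = [], False
    while off < end:
        tag, h, l = read_tlv(der, off)
        if off + h + l > end:
            raise ValueError("field overruns TBSCertificate")
        if tag & 0xC0 == 0x80:                     # context-specific class
            num = tag & 0x1F
            if num in NAMES:
                unique_ids.append((NAMES[num], off, h, l))
            has_ext = has_ext or num == 3
        off += h + l
    return {"unique_ids": unique_ids, "has_extensions": has_ext}

def tlv(tag, content):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(content)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + hdr + content

# Constructed skeletons (not valid certificates): version, serial, five empty SEQUENCEs.
_head = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 5
_tail = tlv(0x30, b"") + tlv(0x03, b"\x00")        # signatureAlgorithm, signatureValue
CLEAN = tlv(0x30, tlv(0x30, _head + tlv(0xA3, tlv(0x30, b""))) + _tail)
ODD = tlv(0x30, tlv(0x30, _head + tlv(0x81, b"\x00" + bytes(887))) + _tail)

if __name__ == "__main__":
    for name, der in (("CLEAN", CLEAN), ("ODD", ODD)):
        print(name, audit_tbs(der))
```

To check a real file, pass its DER bytes to `audit_tbs`; unique-ID fields are rare in issued certificates, so a large one is worth a closer look.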