Matt:

> I now believe you've decoded the below incorrectly because the leading
> bit is set, making this a signed number which may have made some of your
> tools croak. Decoding by hand, I get the following mod/exp:

Are you saying that under some conditions Microsoft Outlook generates a
x.509 cert with a negative modulus that can only be decoded "correctly"
with the other Microsoft tools?

If this is correct, the security implications are horrific as different
x.509 implementations interpret the INTEGER value in a different way. For
example, if an identity certificate generated by a Microsoft Outlook is
used on a service with a bug-free ASN.1 implementation, identity can be
easily faked (as demonstrated by my factorization of "bug-free" n) !


> note that the complement of DF = 20, AA = 55, which begins to look a lot
> like the number you 'decoded' below. 

The number was decoded correctly, according to the ASN.1 standard. This
must be a bug in the Microsoft implementation.

If you would have cared to check the thread you would have seen that
I and several other people pointed out that this number is a negative 
one. Our tools didn't "croak", they simply said what is in there
according to ASN.1.

We'll have to do further research on this. 


> BTW, I've had our research team check the above modulus (DFAA...) for
> trivial factors. We found no prime divisors below 10 million.

I checked with ECM; the probability of prime divisors below 10^25 in
"DFAA.." is small.

- mj

Markku-Juhani O. Saarinen <[EMAIL PROTECTED]>  University of Jyväskylä, Finland
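
The disagreement discussed in this message, as an added example that is not part of the original post: under ASN.1 DER an INTEGER is two's complement, so content bytes that start with the high bit set decode to a negative number, while a decoder that reads the same bytes as unsigned gets a different value. The sample encodings are constructed (only the leading `DF AA` matches the thread) and the function names are hypothetical.

```python
def der_integer_content(der: bytes) -> bytes:
    """Return the content octets of a single DER INTEGER (tag 0x02)."""
    if len(der) < 2 or der[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length, offset = der[1], 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length encoding")
        length = int.from_bytes(der[2:2 + n], "big")
        offset = 2 + n
    content = der[offset:offset + length]
    if length == 0 or len(content) != length:
        raise ValueError("empty or truncated INTEGER")
    return content


def interpretations(der: bytes) -> tuple[int, int]:
    """Return (signed value per ASN.1, value if the octets are read as unsigned)."""
    content = der_integer_content(der)
    signed = int.from_bytes(content, "big", signed=True)
    unsigned = int.from_bytes(content, "big", signed=False)
    return signed, unsigned


def modulus_is_ambiguous(der: bytes) -> bool:
    """True when strict and unsigned decoders would disagree on the modulus.

    A verifier should reject such a key instead of picking one reading.
    """
    signed, unsigned = interpretations(der)
    return signed <= 0 or signed != unsigned


# Constructed samples: same octets, without and with the leading 0x00 pad.
UNPADDED = bytes.fromhex("0204dfaa0103")    # high bit set -> negative in ASN.1
PADDED = bytes.fromhex("020500dfaa0103")    # leading 00 -> positive in ASN.1

if __name__ == "__main__":
    for name, der in (("unpadded", UNPADDED), ("padded", PADDED)):
        signed, unsigned = interpretations(der)
        print(f"{name}: signed={signed:#x} unsigned={unsigned:#x} "
              f"ambiguous={modulus_is_ambiguous(der)}")
```

The magnitude of the signed reading of the unpadded sample begins `20 55`, the complement bytes mentioned in the quoted text.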

