On Sat, Sep 5, 2015 at 5:28 AM, Georgi Guninski <[email protected]> wrote:
...
> This works with openssl 1.0.1p over SSL.
>
> Attached are the self-signed cert and the priv. key.
>
> Session:
> ./apps/openssl s_server -accept 8080 -cert ./cacert2.pem -key ./key-comp2.key -HTTP
>
> openssl s_client -connect localhost:8080
>
> Server public key is 1204 bit
> Verify return code: 18 (self signed certificate)
>
>
> sage: q=0x008000000000000000001d8000000000000000012b
> sage: factor(q)
> 604462909807314587353111 * 1208925819614629174706189
Georgi, just a quick note to thank you for sharing your research and taking time to verify your findings against OpenSSL.

I've been researching cryptographic backdoors -- you may want to review this http://illusoryTLS.com/ -- and the lack of checks on group parameters, malicious or otherwise (*), is to me yet another cause for concern.

Great catch!

(*) It would be interesting to look at the story of RFC-2631, as Bernstein, Lange, and Niederhagen did for the Dual EC standard https://projectbullrun.org/dual-ec/

Cheers,
--
Alfonso
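The thread's point is that a DSA-style subgroup order q which factors as a product of two ~80-bit primes was accepted without complaint, and that "lack of checks on group parameters" is the underlying problem. The block below is an added example, not code from either poster or from OpenSSL, of the parameter checks a verifier would want to run before trusting (p, q, g): q and p pass a Miller-Rabin test, q divides p-1, and g actually has order q. The 160-bit q and its two factors are taken from the quoted sage session; the small (p, q, g) triples are constructed here purely for illustration, one valid and one with a composite q whose generator nevertheless satisfies g^q = 1 mod p, which is why an order check alone is not enough.

```python
# Added example: domain-parameter validation for DSA-style (p, q, g) groups.
# Not from the original thread or from OpenSSL.

# The q reported in the thread (DER leading 0x00 byte dropped) and the two
# factors sage printed for it. q.bit_length() is 160, so by size alone it
# looks like an ordinary DSA subgroup order.
Q_FROM_REPORT = 0x8000000000000000001d8000000000000000012b
F1 = 604462909807314587353111   # 2**79 + 23
F2 = 1208925819614629174706189  # 2**80 + 13

# Fixed witness bases; deterministic for the toy sizes used here and a
# strong probabilistic test for the 160-bit input.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, bases=SMALL_PRIMES):
    """Miller-Rabin primality test with fixed bases."""
    if n < 2:
        return False
    for b in bases:
        if n == b:
            return True
        if n % b == 0:
            return False
    # Write n - 1 = 2**s * d with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True


def validate_dsa_params(p, q, g):
    """Return a list of problems with the group (p, q, g); empty means OK.

    Checks: q prime, p prime, q | p-1, 1 < g < p-1, and g^q == 1 mod p.
    """
    problems = []
    if not is_probable_prime(q):
        problems.append("q is composite")
    if not is_probable_prime(p):
        problems.append("p is composite")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if not 1 < g < p - 1:
        problems.append("g out of range")
    elif pow(g, q, p) != 1:
        problems.append("g does not have order q")
    return problems


# Constructed toy groups (illustration only, far too small for real use):
#   GOOD: p=23, q=11, g=4   -> 4 has order 11 in Z_23*
#   BAD:  p=31, q=15, g=9   -> 9 has order 15, but 15 = 3 * 5 is composite
GOOD_TOY = (23, 11, 4)
BAD_TOY = (31, 15, 9)

if __name__ == "__main__":
    print("q from report is", Q_FROM_REPORT.bit_length(), "bits")
    print("q == F1 * F2:", Q_FROM_REPORT == F1 * F2)
    print("q passes primality test:", is_probable_prime(Q_FROM_REPORT))
    print("good toy group:", validate_dsa_params(*GOOD_TOY) or "no problems")
    print("bad toy group:", validate_dsa_params(*BAD_TOY))
```

The primality check on q is the one that catches the reported parameters; the g^q = 1 check passes for the bad toy group exactly as it would for a maliciously chosen composite q, so a verifier that only confirms the generator's order learns nothing about whether the subgroup is what it claims to be.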
