On Friday, March 15, 2019 at 12:35:47 PM UTC-7, Daymion Reynolds wrote:
> On Friday, March 15, 2019 at 12:25:37 PM UTC-7, [email protected] wrote:
> > Daymion,
> > 
> > (Apologies in advance if I've missed something that led to these results. 
> > These results rely on the crt.sh database, which I will admit to being less 
> > familiar with than I would like.)
> > 
> > While recently looking at some randomly selected recent certificates from 
> > this CA: https://crt.sh/?CAID=904, I noticed that it seemed that all had 
> > serial numbers with the high bit set. This being unlikely, I took advantage 
> > of the fact that crt.sh allows direct database access to get some more data 
> > - and it looks like for several days, the certificates logged did indeed 
> > have the high bit set in the serial number.
> > 
> > For certificates with a notBefore of 2019-03-07 22:52:51 to 2019-03-13 
> > 02:01:15, it appears that all certificates had a serial number with the 
> > high bit set; there are a little under 100,000 entries in the crt.sh 
> > database with notBefore between those dates, all appear to be encoded to 9 
> > bytes and with the high bit set.
> > 
> > For certificates with notBefore of 2019-03-13 02:01:16 and later, it 
> > appears that the distribution returns to what would be expected based on 
> > the selection criteria described.
> > 
> > The odds of this happening by random chance being extremely remote - this 
> > seems to indicate that there may have been an issue (and a loss of entropy).
> > 
> > The data was pulled from the public crt.sh database, one day at a time, 
> > using the following query:
> > 
> > select
> >   c.id,
> >   x509_notBefore(c.CERTIFICATE),
> >   x509_serialNumber(c.CERTIFICATE)
> > from certificate c
> > where
> >   c.issuer_ca_id = 904
> >   and x509_notBefore(c.CERTIFICATE) between '2019-03-08'::date and '2019-03-09'::date
> > limit 100000;
> > 
> > On Wednesday, March 13, 2019 at 8:17:00 PM UTC-4, Daymion Reynolds wrote:
> > 
> > > In accordance with our conversations to date, prior to 3/7 6:30pm AZ we 
> > > utilized raw 64 bit output from CSPRING, with uniqueness and non zero 
> > > checks. This new understanding of the rules calls for us to modify our 
> > > original disclosure to 0 affected certificates.
> 
> Please read through earlier posts discussing this.

I believe I hit reply too soon, as you are referencing something else. Will look 
into this.
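As an added illustration (not code from this thread, from crt.sh or from the CA), here is a Python check for the pattern the quoted post describes: given a batch of serial numbers, count how many 64-bit values have the top bit set (and therefore DER-encode to 9 bytes rather than 8) and flag the batch when that fraction is far from one half. The two batches are constructed locally with a seeded generator to mimic the biased window and a healthy one; they are not crt.sh data.

```python
import math
import random

def der_integer_bytes(serial: int) -> bytes:
    """Minimal DER INTEGER content octets for a non-negative serial (RFC 5280 4.1.2.2).
    A value whose leading bit is 1 gets a 0x00 prefix so it stays positive, which is
    why 64-bit CSPRNG output with the top bit set shows up as a 9-byte serial."""
    raw = serial.to_bytes((serial.bit_length() + 7) // 8 or 1, "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw

def high_bit_set(serial: int, width_bits: int = 64) -> bool:
    """True when bit (width_bits - 1) of the raw generator output is set."""
    return (serial >> (width_bits - 1)) & 1 == 1

def audit_serials(serials, width_bits: int = 64, z_limit: float = 4.0) -> dict:
    """Under the null hypothesis each top bit is an independent fair coin, so the
    count of set bits is Binomial(n, 1/2); report how many standard deviations the
    observed count is from n/2 and the resulting upper bound on entropy."""
    n = len(serials)
    hi = sum(1 for s in serials if high_bit_set(s, width_bits))
    z = (hi - n / 2) / (math.sqrt(n) / 2) if n else 0.0
    # If the bit never varies it carries no entropy: at most width-1 bits remain.
    entropy_bound = width_bits - (1 if n and hi in (0, n) else 0)
    return {
        "count": n,
        "high_bit_set": hi,
        "encoded_lengths": sorted({len(der_integer_bytes(s)) for s in serials}),
        "z_score": z,
        "entropy_bits_upper_bound": entropy_bound,
        "suspicious": abs(z) > z_limit,
    }

# Constructed samples (seeded for reproducibility), not real certificate serials.
_rng = random.Random(20190313)
# Mimics the reported window: every serial has the top bit forced on.
BIASED = [_rng.getrandbits(63) | (1 << 63) for _ in range(1000)]
# Healthy batch: raw 64-bit output, so roughly half encode to 9 bytes.
UNBIASED = [_rng.getrandbits(64) for _ in range(1000)]

if __name__ == "__main__":
    for name, batch in (("biased", BIASED), ("unbiased", UNBIASED)):
        print(name, audit_serials(batch))
```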

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy