Closed Bug 1197891 Opened 9 years ago Closed 9 years ago

Strange modulus in root CA certificate

Categories

(Firefox :: Untriaged, defect)

RESOLVED INVALID

People

(Reporter: joev, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36

Steps to reproduce:

I was running some tests over public HTTPS certificates this weekend, and noticed something odd about the Thawte Root CA added by this ticket:

https://bugzilla.mozilla.org/show_bug.cgi?id=407163#c17

The modulus is divisible by 3:

$ openssl x509 -in thawte.pem -noout -text
...
RSA Public Key: (2048 bit)
      Modulus (2048 bit):
          00:ac:a0:f0:fb:80:59:d4:9c:c7:a4:cf:9d:a1:59:
          73:09:10:45:0c:0d:2c:6e:68:f1:6c:5b:48:68:49:
          59:37:fc:0b:33:19:c2:77:7f:cc:10:2d:95:34:1c:
          e6:eb:4d:09:a7:1c:d2:b8:c9:97:36:02:b7:89:d4:
          24:5f:06:c0:cc:44:94:94:8d:02:62:6f:eb:5a:dd:
          11:8d:28:9a:5c:84:90:10:7a:0d:bd:74:66:2f:6a:
          38:a0:e2:d5:54:44:eb:1d:07:9f:07:ba:6f:ee:e9:
          fd:4e:0b:29:f5:3e:84:a0:01:f1:9c:ab:f8:1c:7e:
          89:a4:e8:a1:d8:71:65:0d:a3:51:7b:ee:bc:d2:22:
          60:0d:b9:5b:9d:df:ba:fc:51:5b:0b:af:98:b2:e9:
          2e:e9:04:e8:62:87:de:2b:c8:d7:4e:c1:4c:64:1e:
          dd:cf:87:58:ba:4a:4f:ca:68:07:1d:1c:9d:4a:c6:
          d5:2f:91:cc:7c:71:72:1c:c5:c0:67:eb:32:fd:c9:
          92:5c:94:da:85:c0:9b:bf:53:7d:2b:09:f4:8c:9d:
          91:1f:97:6a:52:cb:de:09:36:a4:77:d8:7b:87:50:
          44:d5:3e:6e:29:69:fb:39:49:26:1e:09:a5:80:7b:
          40:2d:eb:e8:27:85:c9:fe:61:fd:7e:e6:7c:97:1d:
          d5:9d
...

In decimal, n = 21792351585640198823010717570910971808469628036117065647538316584461104694117982485321090653713725047310400166950260364014694475955614649567105003746715215324780062062279650013594782973385729484663548395943818891646627881966763447613843848477217062740245542204851265868584077207630605591368653815537305062114070585230257191208028253066375143961437528906673239945963251004711957177331642223955097208406041399313757154785490545306249678772025651877768759744272959454462203420797356883438748497204511642306943070888183560085665480831040768469291400165663422365743517117023333869866682052270847261336941032136430789186973



Actual results:

The modulus is trivially factorable (it is divisible by 3). I'm not familiar enough with the CA system to know if this is an exploitable problem (it certainly is for RSA in general; factoring n breaks everything).


Expected results:

Hopefully this is a misunderstanding on my behalf, and not a real problem. To my understanding, an RSA modulus should be a semiprime, and its prime factors should be huge.

Never mind! This was a spoofed cert that has a modulus that is a few bytes different from the one bundled in Firefox. I will diff harder next time :)
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Group: firefox-core-security
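
The two checks this report turned on, as an added example that is not part of the original bug: trial division of a certificate modulus by small primes, and a byte-level comparison against the modulus from a trusted copy of the same root. The function names are hypothetical and the two 92-bit moduli are constructed sample data in the layout of the `openssl x509 -noout -text` dump above.

```python
import re

# Primes below 1000: enough to flag a modulus that is "trivially factorable".
SMALL_PRIMES = [p for p in range(2, 1000)
                if all(p % d for d in range(2, int(p ** 0.5) + 1))]
HEX_LINE = re.compile(r"^\s*(?:[0-9a-f]{2}:)*[0-9a-f]{2}:?\s*$")

def parse_modulus(text):
    """Return the modulus bytes from `openssl x509 -noout -text` output."""
    lines = iter(text.splitlines())
    if not any("Modulus" in line for line in lines):  # stops just after the field
        raise ValueError("no Modulus field found")
    digits = []
    for line in lines:
        if not HEX_LINE.match(line):
            break
        digits.append(line.strip().replace(":", ""))
    # OpenSSL prints a leading 00 sign byte when the top bit is set; drop it.
    return bytes.fromhex("".join(digits)).lstrip(b"\x00")

def small_factors(n):
    """Small primes dividing n; an RSA modulus should have none."""
    return [p for p in SMALL_PRIMES if n % p == 0]

def diff_offsets(a, b):
    """Byte offsets at which two moduli differ (a length mismatch counts)."""
    return [i for i in range(max(len(a), len(b))) if a[i:i + 1] != b[i:i + 1]]

def audit(candidate_text, trusted_text):
    cand, ref = parse_modulus(candidate_text), parse_modulus(trusted_text)
    return {"small_factors": small_factors(int.from_bytes(cand, "big")),
            "matches_trusted": cand == ref,
            "differing_offsets": diff_offsets(cand, ref)}

# Constructed sample: (2**31 - 1) * (2**61 - 1), a product of two known primes.
TRUSTED_TEXT = """RSA Public Key: (92 bit)
      Modulus (92 bit):
          0f:ff:ff:ff:df:ff:
          ff:ff:80:00:00:01
      Exponent: 65537 (0x10001)
"""
# Constructed sample: the same modulus with two bytes altered.
SUSPECT_TEXT = TRUSTED_TEXT.replace("df:ff:", "df:fd:").replace("00:01", "00:05")

if __name__ == "__main__":
    print(audit(SUSPECT_TEXT, TRUSTED_TEXT))
```

A certificate whose modulus fails the comparison is a different key from the trusted root, so its factorability says nothing about the real CA key.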