I hereby claim:
- I am SDx3 on github.
- I am sdx3 (https://keybase.io/sdx3) on keybase.
- I have a public key whose fingerprint is 86FC E598 FFDE 2D80 3454 C468 5C1C 61A5 A9FA A13A
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
A serious issue in the way Windows handles digital certificates.
Here's a quick mathematical explanation of the issue:
The bug exploits
crypt32.dll
signature verification on elliptic curve.crypt32.dll
only checks for matching public key and parameters, but not the generatorG
.
The private key isd = [1, n - 1]
, wheren
is order of the curve
The public key isQ
=dG
.
The generatorG
is defined for each curve, but the bug allows your to specify your own generator.