- This page is a collection of some of the Advanced queries from the [[Datalog]] channel on the [[Logseq/Discord]] server. #datalog id:: 61db13f4-75e8-4f87-ad60-3ac3479c5fc8
A serious issue in the way Windows handles digital certificates.
Here's a quick mathematical explanation of the issue:
The bug exploits
crypt32.dll
signature verification on elliptic curve.crypt32.dll
only checks for matching public key and parameters, but not the generatorG
.
The private key isd = [1, n - 1]
, wheren
is order of the curve
The public key isQ
=dG
.
The generatorG
is defined for each curve, but the bug allows your to specify your own generator.
I hereby claim:
- I am SDx3 on github.
- I am sdx3 (https://keybase.io/sdx3) on keybase.
- I have a public key whose fingerprint is 86FC E598 FFDE 2D80 3454 C468 5C1C 61A5 A9FA A13A
To claim this, I am signing this object: