<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 14/09/2015 17:40, Michael Heide
wrote:<br>
</div>
<blockquote class=" cite"
id="mid_20150914174002_4fe26888_tbb_phenom"
cite="mid:20150914174002.4fe26888@tbb-phenom" type="cite">
<pre wrap="">Am Mon, 14 Sep 2015 16:39:15 +0200 schrieb Jakob Bohm <a class="moz-txt-link-rfc2396E" href="mailto:jb-openssl@wisemo.com"><jb-openssl@wisemo.com></a>:
</pre>
<blockquote class=" cite" id="Cite_225984" type="cite">
<pre wrap="">Where can I see the actual file (Not the virustotal
description of the signature), I would need to look
at the actual details to make sense of this.
</pre>
</blockquote>
<pre wrap="">I think you have to use some kind of a subscription and use their APIs to access their database.
I've searched the web and found:
<a class="moz-txt-link-freetext" href="http://admdownload.adobe.com/bin/live/flashplayer18ax_ha_install.exe">http://admdownload.adobe.com/bin/live/flashplayer18ax_ha_install.exe</a>
(md5: 0c6b5474223a4b5bf90a46844ed865db)
Seems to be a file with the same criteria here.
</pre>
</blockquote>
<tt>That one is a big surprise to me.</tt><tt><br>
</tt><tt><br>
</tt><tt>It seems that as late as in August 17 2015 (4 weeks ago), <br>
Symantec/Verisign </tt><tt>issued a timestamp signature, whose <br>
"EncryptedDigest"</tt><tt> was </tt><tt>made on the following
non-standard <br>
input:</tt><tt><br>
</tt><tt><br>
</tt><tt>00|01|FF...|00|00 87 34 69 20 D5 4C 68 F4 B1 30 6D</tt><tt>
</tt><tt>EA 3E 40 CC B7 71 AC 1D</tt><tt><br>
</tt><tt><br>
</tt><tt>The first parts (</tt><tt>00|01|FF...|00) form the PKCS#1
padding <br>
for a PCS#1 v1.x signature.<br>
<br>
But the last part is a 20 byte string that doesn't seem to <br>
match anything permitted by PKCS#1 v1.5 (or v2.1). I also <br>
note that the SignerInfo specifies "version 1" (aka PKCS#7 <br>
v1.5), so I don't think this could be the elusive PKCS#7 <br>
v1.4 signature format.<br>
<br>
It might hypothetically be an SHA1 SUM, but the initial 00 <br>
byte looks strange.<br>
<br>
</tt><tt><tt>I am struggling a bit with trying to figure out what
bytes <br>
are covered by the hash value, so far I have failed to <br>
manually extract a relevant subset of of the message, but I <br>
may have made some basic mistake since I usually don't do <br>
this by hand.<br>
<br>
<br>
</tt>Well, the good news is that at least the PKCS#1 padding is <br>
still there, which makes it a lot less vulnerable than what <br>
your e-mails made me think.<br>
</tt><br>
<blockquote class=" cite"
id="mid_20150914174002_4fe26888_tbb_phenom"
cite="mid:20150914174002.4fe26888@tbb-phenom" type="cite">
<pre wrap="">...
</pre>
<blockquote class=" cite" id="Cite_5601423" type="cite">
<pre wrap="">And this file is very new (July 2015), are you sure
it uses the nonstandard EncryptedDigest calculation?
</pre>
</blockquote>
<pre wrap="">No, I'm not. Maybe I'm doing something wrong. I don't know. </pre>
</blockquote>
<tt>It seems not, now I really wonder what is going on.</tt><br>
<br>
<pre class="moz-signature" cols="72">Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. <a class="moz-txt-link-freetext" href="http://www.wisemo.com">http://www.wisemo.com</a>
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded </pre>
</body>
</html>