Zerosquare, 16/03/2019 at 18:31
Off by one bit...
A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates (Ars Technica): Certificates with 63-bit serial numbers touch off mass revocation blitz.

The snafu is the result of the companies' misconfiguration of the open source EJBCA software package that many browser-trusted authorities use to generate certificates that secure websites, encrypt email, and digitally sign code. By default, EJBCA generated certificates with 64-bit serial numbers, in keeping, it seemed, with an industry mandate that serial numbers contain 64 bits of output from a secure pseudo-random number generator. Upon further scrutiny, engineers discovered that one of the 64 bits must be a fixed value to ensure the serial number is a positive integer. As a result, the EJBCA default produced a serial number with 63 bits of entropy.
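As an added illustration (not from the post or the Ars Technica article, and not EJBCA's own code; the function names and the generator behaviour are my reconstruction of what the article describes): the 63-bit pitfall next to the form that keeps all 64 bits, plus a batch check a defender can run over the DER serial numbers issued by one CA.

```python
import secrets

MASK_63 = 0x7FFF_FFFF_FFFF_FFFF  # clears bit 63, the sign bit of a 64-bit value

def flawed_serial(rng_bytes: bytes) -> int:
    """The 63-bit pattern from the article (a reconstruction, not EJBCA's
    own code): take 64 CSPRNG bits, then force the top bit to 0 so the
    DER INTEGER stays positive. Only 63 random bits survive."""
    assert len(rng_bytes) == 8
    return int.from_bytes(rng_bytes, "big") & MASK_63

def compliant_serial(rng_bytes: bytes) -> int:
    """Keep all 64 random bits; positivity is handled by the encoder (a
    0x00 pad byte), not by sacrificing a bit. Zero is rejected because
    serials must be non-zero; the caller simply draws again."""
    assert len(rng_bytes) == 8
    value = int.from_bytes(rng_bytes, "big")
    if value == 0:
        raise ValueError("serial must be non-zero; draw again")
    return value

def der_serial(value: int) -> bytes:
    """Minimal DER INTEGER content octets for a positive value (big-endian
    two's complement). A value with bit 63 set needs a leading 0x00, so a
    true 64-bit serial encodes as 9 octets while a 63-bit one fits in 8."""
    if value <= 0:
        raise ValueError("certificate serials must be positive")
    return value.to_bytes((value.bit_length() + 8) // 8, "big")

def looks_under_64_bit(der_serials, min_samples: int = 16):
    """Defender's batch check over serials issued by ONE CA. With a real
    64-bit CSPRNG each serial has bit 63 set with probability 1/2 and then
    encodes as 9 octets; if none of n >= min_samples serials exceeds 8
    octets, no draw ever had that bit set (false-positive rate 2**-n).
    Returns None when there is too little evidence."""
    if len(der_serials) < min_samples:
        return None
    return max(len(s) for s in der_serials) <= 8

if __name__ == "__main__":
    draws = [secrets.token_bytes(8) for _ in range(32)]
    bad = [der_serial(flawed_serial(d)) for d in draws]
    good = [der_serial(compliant_serial(d)) for d in draws if d != bytes(8)]
    print("flawed batch flagged:   ", looks_under_64_bit(bad))   # True
    print("compliant batch flagged:", looks_under_64_bit(good))  # False
```

The batch check only says something about one issuing CA's serials taken together; a single 8-octet serial is expected half the time even from a correct generator.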