Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Apr 2024 01:51:35 -0000 (UTC)
From: Tavis Ormandy <>
Subject: finding similar compromises (was Re: From xz to ibus: more
 questionable tarballs)

On 2024-04-01, HW42 wrote:
> Hi Jan,
> great that you are looking for further problems. (Just to be clear, I'm
> not associated with ibus in any way.)

Yes, agreed. In the interests of discussing things in the open after
just complaining about embargoes... :)

It occurred to me that I could grep around in an SKS dump for any keys
that had similar options that Jia Tan used -- algorithm preferences and
so on -- and see if any jumped out as suspicious.

I figure SKS is kinda obscure, so maybe nobody else checked... or maybe
I'm late to the party, or maybe this is obvious -- I'm not an IR guy :)

Here are the options Jia used in his package signing key:

:signature packet: algo 1, keyid 59FCF207FEA7F445
    version 4, created 1672241009, md5len 0, sigclass 0x13
    digest algo 10, begin of digest c9 92
    hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
    hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
    hashed subpkt 30 len 1 (features: 01)
    hashed subpkt 23 len 1 (keyserver preferences: 80)
    subpkt 16 len 8 (issuer key ID 59FCF207FEA7F445)
    data: [4096 bits]

That date is:

$ date --utc --date @1672241009
Wed Dec 28 03:23:29 PM UTC 2022

I think the default is 3072 bits and 2y expiry, which has been the
default since 2020:

I think they either used gpg --full-generate-key, or maybe a distro that
changes the defaults... does anyone know what distro or software they
might be using?

Grepping around for similar keys created +/- 30 days, I do find a few
with the same word\d\d\d\ username pattern and the same
gpg options. I found some matching github accounts, but nothing stands
out as suspicious. I also see some marked package signing keys -- e.g.
0x9C2247349FD4213F -- created just one week earlier:

$ date --utc --date @1671644345
Wed Dec 21 05:39:05 PM UTC 2022

Maybe it's nothing, but same algorithm, expiry, key size... maybe
they're using the same distribution?

Anyway, I wasted the afternoon on this :)


 _o)            $ lynx
 /\\  _o)  _o)  $ finger
_\_V _( ) _( )  @taviso

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.