Security and Communication Networks / 2019 / Article / Alg 4

Research Article

The Prediction of Serial Number in OpenSSL’s X.509 Certificate

Algorithm 4

Guess the serial number.

Step 1: Attacker applies for a certificate to target CA and records the submitting time in seconds.
Step 2: Attacker receives the certificate, checks the time Tb of “not before” in certificate and the time Ta of “not after”,
and computes and .
Step 3: According to the Algorithms 1 and 2, attacker brutes force the every 100-nanosecond (for Windows) or every
microsecond (for Linux) in to find which time seed is used to generate the certificate (totally or )
Step 4: Attacker selects a future time as the time of “not before” of the target forged certificate
Step 5: Attacker randomly selects a value of m, which satisfies the condition:
(for Windows XP)
(for Ubuntu)
Step 6: According to the Algorithms 1 and 2, attacker computes the candidate serial numbers
with the seed of (in seconds) and +100144m(in 100nanoseconds) or +1008m(in microseconds).
Step 7: Attacker uses the candidate serial numbers, as “not before”, and as “not after”,
to generate forged certificates according to the Stevens’s method [3].
Step 8: Attacker submits the application at the time and get the signature of the certificate.

We are committed to sharing findings related to COVID-19 as quickly and safely as possible. Any author submitting a COVID-19 paper should notify us at to ensure their research is fast-tracked and made available on a preprint server as soon as possible. We will be providing unlimited waivers of publication charges for accepted articles related to COVID-19. Sign up here as a reviewer to help fast-track new submissions.