Research Article
The Prediction of Serial Number in OpenSSL’s X.509 Certificate
Algorithm 4
Guess the serial number.
| Step 1: Attacker applies for a certificate to target CA and records the submitting time in seconds. | |
| Step 2: Attacker receives the certificate, checks the time Tb of “not before” in certificate and the time Ta of “not after”, | |
| and computes and . | |
| Step 3: According to the Algorithms 1 and 2, attacker brutes force the every 100-nanosecond (for Windows) or every | |
| microsecond (for Linux) in to find which time seed is used to generate the certificate (totally or ) | |
| Step 4: Attacker selects a future time as the time of “not before” of the target forged certificate | |
| Step 5: Attacker randomly selects a value of m, which satisfies the condition: | |
| (for Windows XP) | |
| (for Ubuntu) | |
| Step 6: According to the Algorithms 1 and 2, attacker computes the candidate serial numbers | |
| with the seed of (in seconds) and +100144m(in 100nanoseconds) or +1008m(in microseconds). | |
| Step 7: Attacker uses the candidate serial numbers, as “not before”, and as “not after”, | |
| to generate forged certificates according to the Stevens’s method [3]. | |
| Step 8: Attacker submits the application at the time and get the signature of the certificate. |