Stories with Tag verification

• How to distrust a CA without any certificate errors

  permalink

  Posted: 2025-03-06 22:28:01

  Verbose tl;dr

  This blog post explores how a Certificate Authority (CA) could maliciously issue a certificate with a valid signature but an impossibly distant expiration date, far beyond the CA's own validity period. This "fake future" certificate wouldn't trigger typical browser warnings because the signature checks out. However, by comparing the certificate's notAfter date with Signed Certificate Timestamps (SCTs) from publicly auditable logs, inconsistencies can be detected. These SCTs provide proof of inclusion in a log at a specific time, effectively acting as a timestamp for when the certificate was issued. If the SCT is newer than the CA's validity period but the certificate claims an older issuance date within that validity period, it indicates potential foul play. The post further demonstrates how this discrepancy can be checked programmatically using open-source tools.

  This blog post by Dadrian, titled "How to distrust a Certificate Authority without any certificate errors," explores a nuanced vulnerability related to Signed Certificate Timestamps (SCTs), which are crucial for ensuring the transparency and integrity of certificate issuance. The core issue revolves around the "notAfter" field within these SCTs. While a certificate itself has a validity period defined by its own "notAfter" date, the SCTs that vouch for its inclusion in a Certificate Transparency (CT) log also possess their own "notAfter" dates. The post highlights a potential scenario where a malicious or compromised Certificate Authority (CA) could issue a perfectly valid certificate – meaning the certificate's own "notAfter" date is in the future – yet manipulate the SCTs associated with that certificate. Specifically, the CA could backdate the SCTs, setting their "notAfter" dates to a point in the past.

  This manipulation wouldn't immediately trigger certificate errors in browsers or other relying parties because the certificate itself remains technically valid. However, it undermines the core principle of Certificate Transparency. Certificate Transparency logs are designed to provide an auditable record of all issued certificates, allowing for public scrutiny and detection of mis-issued or fraudulent certificates. The "notAfter" date of an SCT serves as a timestamp guaranteeing the certificate's inclusion in the log up to that specific point in time. By backdating the SCTs, the CA effectively creates a situation where the proof of inclusion in the CT log expires prematurely. This creates a window of opportunity where the CA could potentially issue other, fraudulent certificates without those certificates being reflected in the CT logs, as the now-expired SCTs no longer offer valid proof of inclusion. This undermines the entire auditability and transparency mechanism.

  The blog post details a practical demonstration of this vulnerability, showing how one can programmatically examine SCTs embedded in a certificate and compare their "notAfter" dates with the current time. This allows for the identification of certificates with potentially backdated SCTs, raising a red flag regarding the trustworthiness of the issuing CA, even in the absence of traditional certificate errors. The post concludes by emphasizing the importance of validating SCT "notAfter" dates as a critical part of robust certificate verification procedures and underscores the subtle ways in which the Certificate Transparency ecosystem can be compromised, requiring vigilance beyond simply checking for standard certificate validity. It implies that relying solely on the validity of the certificate itself isn't sufficient for guaranteeing trustworthiness and that scrutiny of associated SCTs is paramount.

  • TLS
  • SSL
  • certificates
  • Certificate Authority
  • CA
  • PKI
  • Security
  • Web Security
  • SCT
  • Signed Certificate Timestamps
  • transparency
  • X.509
  • Not After
  • Expiration
  • Distrust
  • verification
  • Cryptography

  Summary of Comments ( 43 )
  https://news.ycombinator.com/item?id=43285671

  Verbose tl;dr

  Hacker News users discuss the practicality and implications of the blog post's method for detecting malicious Sub-CAs. Several commenters point out the difficulty of implementing this at scale due to the computational cost and potential performance impact of checking every certificate against a large CRL set. Others express concerns about the feasibility of maintaining an up-to-date list of suspect CAs, given their dynamic nature. Some question the overall effectiveness, arguing that sophisticated attackers could circumvent such checks. A few users suggest alternative approaches like using DNSSEC and DANE, or relying on operating system trust stores. The overall sentiment leans toward acknowledging the validity of the author's points while remaining skeptical of the proposed solution's real-world applicability.

  The Hacker News post "How to distrust a CA without any certificate errors" sparked a discussion with several insightful comments. Many commenters engaged with the core concept of the blog post, which explored how a Certificate Authority (CA) could potentially manipulate certificates without triggering typical browser warnings.

  One commenter highlighted the difficulty in detecting this type of manipulation, emphasizing that the trust model inherently relies on the CA. They pointed out the unlikelihood of a user independently verifying the certificate chain, especially given the complexity involved. This reinforced the article's point about the potential vulnerability.

  Another commenter discussed the "certificate pinning" technique, which involves hardcoding expected certificate information into an application. While effective against the specific attack described in the article, they acknowledged that it's not a widespread solution and introduces its own set of management challenges, such as the need to update pinned certificates regularly.

  The conversation also touched upon the broader issues of trust and security in the digital landscape. One commenter expressed a general lack of trust in CAs, citing past incidents of compromised CAs and questionable practices. This sentiment resonated with other users who echoed concerns about the centralized nature of the CA system.

  Some commenters suggested alternative approaches to enhance security. One idea involved using DNSSEC combined with DANE (DNS-based Authentication of Named Entities), allowing domain owners to specify which CAs are authorized to issue certificates for their domain. Another suggestion was to explore decentralized identity solutions, moving away from the reliance on centralized CAs altogether.

  Several comments also delved into the technical details of the attack described in the article, with users discussing specific aspects of certificate validation and the potential implications for different browsers and operating systems. There was some debate about the practicality of the attack and the likelihood of it being exploited in the wild, with some arguing that the complexity involved would make it a less attractive option for attackers.

  Overall, the comments section reflected a general understanding of the potential vulnerabilities associated with the current CA system and a desire for more robust and transparent security solutions. While no single solution emerged as a clear winner, the discussion provided valuable insights into the challenges and potential future directions of certificate management and online trust.

• Long division verified via Hoare logic

  permalink

  Posted: 2025-02-26 16:15:17

  Verbose tl;dr

  The blog post details a formal verification of the standard long division algorithm using the Dafny programming language and its built-in Hoare logic capabilities. It walks through the challenges of representing and reasoning about the algorithm within this formal system, including defining loop invariants and handling edge cases like division by zero. The core difficulty lies in proving that the quotient and remainder produced by the algorithm are indeed correct according to the mathematical definition of division. The author meticulously constructs the necessary pre- and post-conditions, and elaborates on the specific insights and techniques required to guide the verifier to a successful proof. Ultimately, the post demonstrates the power of formal methods to rigorously verify even relatively simple, yet subtly complex, algorithms.

  The blog post "Long story of division" details a rigorous verification of the long division algorithm using Hoare logic. The author meticulously demonstrates how to prove the correctness of this fundamental arithmetic operation, a process more complex than its commonplace usage might suggest. The post begins by acknowledging the seemingly trivial nature of long division, a procedure learned early in education, yet highlights the underlying logical intricacies that often go unnoticed. It then introduces Hoare logic as the chosen verification method, explaining its basic principles: preconditions, postconditions, and loop invariants. These concepts form the framework for guaranteeing that a program, or in this case an algorithm, behaves as intended.

  The core of the post delves into the specific application of Hoare logic to the long division algorithm. The author carefully constructs a loop invariant – a condition that holds true before, during, and after each iteration of the division loop – which captures the essence of the algorithm's progressive refinement of the quotient. This invariant, expressed mathematically, relates the dividend, divisor, current quotient, and remainder at each step. The post rigorously demonstrates that this invariant is preserved across all iterations, proving that the algorithm correctly computes the quotient and remainder.

  The argument proceeds step-by-step through the long division process, mirroring the manual calculation one might perform with pencil and paper. Each stage of the division – from bringing down the next digit of the dividend to subtracting the product of the divisor and the current quotient digit – is formalized within the Hoare logic framework. Preconditions and postconditions are established for each step, and the preservation of the loop invariant is meticulously verified. This detailed approach ensures that no aspect of the algorithm's operation is left unchecked.

  The author further explains how the initial condition before the loop begins and the final condition after the loop terminates are connected by the carefully constructed loop invariant. This connection provides the crucial link that demonstrates the overall correctness of the long division algorithm. By establishing that the invariant holds throughout the process and connects the initial and final states, the proof guarantees that the final quotient and remainder are indeed the correct results of the division operation. The post concludes by having successfully proven the correctness of the long division algorithm using formal methods, highlighting the power of Hoare logic to provide rigorous assurance even for seemingly simple procedures. This detailed verification process showcases how formal methods can be applied to ensure the reliability of fundamental algorithms.

  • long division
  • Hoare logic
  • program verification
  • formal methods
  • mathematics
  • Computer Science
  • algorithms
  • proofs
  • verification
  • software engineering

  Summary of Comments ( 1 )
  https://news.ycombinator.com/item?id=43185059

  Verbose tl;dr

  Hacker News users discussed the application of Hoare logic to verify long division, with several expressing appreciation for the clear explanation and visualization of the algorithm. Some commenters debated the practical benefits of formal verification for such a well-established algorithm, questioning the likelihood of uncovering unknown bugs. Others highlighted the educational value of the exercise, emphasizing the importance of understanding foundational algorithms. A few users delved into the specifics of the chosen proof method and its implications. One commenter suggested exploring alternative verification approaches, while another pointed out the potential for applying similar techniques to other arithmetic operations.

  The Hacker News post "Long division verified via Hoare logic" discussing the article about verifying long division using Hoare logic sparked a small but focused conversation. Several commenters express appreciation for the clear explanation of both Hoare logic and its application to a concrete example like long division. One commenter highlights the pedagogical value of such demonstrations, suggesting it's a good way to teach people about formal verification methods. They appreciate the author's approach of starting with a simple example and gradually introducing complexities, making the concepts more accessible.

  Another commenter delves into the practical implications, pondering whether such verified algorithms could find their way into real-world applications like optimizing compilers. They acknowledge the potential benefits of guaranteed correctness for critical operations like division, especially in performance-sensitive contexts.

  A different user questions the choice of long division as the example, wondering if simpler algorithms might have served the illustrative purpose equally well while requiring less intricate proofs. This commenter suggests that the complexity of the long division algorithm might overshadow the core principles of Hoare logic being demonstrated.

  Finally, a comment points out the historical context, mentioning Edsger W. Dijkstra's early work on formal program verification and how the article's approach aligns with Dijkstra's vision. This comment connects the present work to the foundational ideas in the field.

  Overall, the comments demonstrate a positive reception of the article, praising its clarity and educational value. The discussion also touches upon practical considerations and historical context, enriching the understanding of the presented work.

• YouTube asks channel owner to verify phone, permanently overwrites personal info

  permalink

  Posted: 2025-02-17 01:25:46

  Verbose tl;dr

  A VTuber's YouTube channel, linked to a Brand Account, was requested to verify ownership via phone number. Upon doing so, the channel's name and icon were permanently changed to match the Google account associated with the phone number, completely overwriting the VTuber's branding. YouTube support has been unhelpful, claiming this is intended behavior. The VTuber is seeking community support and attention to the issue, warning others with Brand Accounts to avoid phone verification, as it risks irreversible damage to their channel identity.

  A Reddit user, posting in the Virtual YouTubers subreddit, recounts a distressing experience involving YouTube's channel verification process. The user, who manages a channel dedicated to virtual YouTubers (VTubers), explains that YouTube prompted them to verify their phone number associated with the channel. Upon complying with this seemingly routine request, the user encountered a significant and irreversible issue. YouTube, rather than simply verifying the channel, proceeded to overwrite the channel's brand account information with the user's personal Google account details. This action replaced the channel's dedicated brand name and associated email address with the user's personal information. The user emphasizes the permanence of this change, stating that there appears to be no method to revert to the original brand account details. This has caused considerable distress, as the channel is now effectively tied to the user's personal identity, compromising the intended separation between the individual and the VTuber persona the channel represents. The user urgently requests assistance from the community, seeking any possible solutions or avenues to rectify the situation and restore the channel to its previous state. The incident highlights a potentially serious flaw in YouTube's verification system, where a seemingly innocuous security measure has resulted in the unintended and irreparable alteration of channel ownership and identity.

  • YouTube
  • channel
  • verification
  • phone verification
  • account security
  • data overwriting
  • personal information
  • privacy
  • virtual youtuber
  • vtuber
  • content creator
  • platform policy

  Summary of Comments ( 203 )
  https://news.ycombinator.com/item?id=43073836

  Verbose tl;dr

  HN commenters were largely skeptical of the YouTuber's claims, suspecting they had misunderstood or misrepresented the situation. Several pointed out that YouTube likely wouldn't overwrite an existing Google account with a brand account's information and suggested the user had accidentally created a new account or merged accounts unintentionally. Some offered technical explanations of how brand accounts function, highlighting the separation between personal and brand channel data. Others criticized the YouTuber for not contacting YouTube support directly and relying on Reddit for technical assistance. A few commenters expressed general frustration with YouTube's account management system, but most focused on the plausibility of the original poster's story.

  The Hacker News post titled "YouTube asks channel owner to verify phone, permanently overwrites personal info" (linking to a Reddit post about a VTuber's issues with YouTube account recovery) has several comments discussing the implications of the situation. Many express concern over YouTube's account recovery and verification systems.

  One commenter highlights the powerlessness content creators face against platform decisions, stating that YouTube holds all the cards and can effectively hold a creator's livelihood hostage. They express frustration at the lack of recourse and the difficulty in reasoning with YouTube support.

  Another commenter focuses on the technical aspect, suggesting that the issue might stem from a database design flaw where the recovery phone number field overwrites the primary contact number. They speculate this could be due to a rushed implementation or a lack of proper testing.

  Several comments express sympathy for the VTuber, acknowledging the significant impact losing their channel would have on their career and community. They criticize YouTube's seemingly arbitrary and unhelpful support processes.

  The fragility of online identities and the dependence on platforms like YouTube is a recurring theme. Commenters lament the lack of control users have over their own content and accounts. One user suggests a decentralized alternative could be a solution, though acknowledges the difficulty in achieving such a system.

  The discussion also touches upon the broader issue of data security and privacy, questioning YouTube's handling of personal information. The incident raises concerns about the potential for accidental or malicious data loss or alteration on the platform.

  A few commenters offer practical advice, suggesting contacting YouTube support through different channels or seeking legal counsel. However, the overall sentiment reflects a sense of pessimism regarding the effectiveness of these actions.

  Several commenters mention similar experiences with other online platforms, reinforcing the perception of a systemic problem with account security and recovery processes across the tech industry.

  In summary, the comments section reveals widespread concern about YouTube's practices regarding account verification and recovery. The commenters express sympathy for the affected VTuber, criticize YouTube's opaque support system, and discuss the larger implications for content creators and online identity. The technical aspects of the issue are also touched upon, along with potential solutions and the broader context of data security and platform dependence.