| Thanks for publishing. FWIW I tried your tools, and it said my server Nginx HTTPS was vulnerable, but I couldn't get any keys out of it. I created a 180MB dump file, and then scanned it, and it finished without finding keys (and I repeated this again) I also tried the code you linked here: https://news.ycombinator.com/item?id=7577659 This also failed, and it actually said my server was likely not vulnerable? I compiled my own Nginx, (but not my own SSL, that came from Debian 7.0 Wheezy) Linux ... 3.9.3-x86_64-linode33 #1 SMP Mon May 20 10:22:57 EDT 2013 x86_64 GNU/Linux OpenSSL 1.0.1e 11 Feb 2013 I just upgraded the Debian libssl1.0.0 package, and now your code says I am safe. I see there is the len(all_data) > 24 check. Should compiling my own Nginx have any effect on whether the exploit works? I would think not, but 2 different exploits failed (although maybe I didn't run it long enough). FWIW it was Nginx 1.0.12. EDIT: FWIW, now that I read Cloudflare's results, they think the Nginx server is only vulnerable shortly after being restarted. My server was running for months, which may have explained why it wasn't vulnerable. Oh well. http://blog.cloudflare.com/the-results-of-the-cloudflare-cha... |
I would recommend you to gather at least a gigabyte before digging for the key - preferably more. I dumped 43 GB from CloudFlare on Sunday, and found the prime 194 times in that dump. It can be found in much less time, however. Here's a test I just did against the CloudFlare server, resulting in the full prime 34 times in 60 seconds: https://twitter.com/einaros/status/456136820913238016
The code from the second posted you noted (https://news.ycombinator.com/item?id=7577659) isn't mine. That one builds off of the original Python PoC, which fails for a lot of configurations.
The Github code is the first publication I've done. Let me know if you see a server that's vulnerable, that the Github code fails to detect.