Admin
This is grammatically incorrect. The correct version is
All your encryption key are belongs to us
captcha: praesent . This article was praesented very well
Admin
At risk of killing the joke stone dead, I believe the comment about "human readability" was an ironic poke. It wasn't necessarily meant to be human readable, that's just the way SOAP (?) vomits XML.
So the real WTF is using a tool to translate an encryption algorithm into a format which displays that encryption for the whole wide world to see.
Have I finally got one right, you bunch of COBOL-sniffers?
Admin
Admin
[guru@ice ~]$ file wtf.txt
wtf.txt: data
[guru@ice ~]$ strings wtf.txt
VMware Installer0 110715074041Z 210712074041Z0v1 VMware, Inc.1 VMware, Inc.1#0! VMware default certificate1!0 [email protected] >J* ^VO# Z0X0 icvdivcs.cc.ic.ac.uk0 NjX8
Admin
Only after using rot13 of course!
Admin
It's at least obscured a little - the IDs are sorted by string rather than numerically :D
Admin
Admin
Admin
and they should do it twice!
Admin
and they should do it twice!
Admin
Adding compression would be fine. Maybe some sort of container file, perhaps zip. XML requires a lot of space after all. There's transparent .zip in filesystems anyway, nowadays.
Admin
That's amazing. I've got the same combination on my luggage.
Admin
Ahem, I have to admit that this one should be blamed on me.
They see me codin', they hatin'...
Admin
Admin
Admin
Captcha: Eros, what XML is to a good programmer
Admin
An XML within an XML? X-Ception!
Admin
They stopped working ever since they got the opportunity to admire the brilliance of a certain Paula Bean.
Admin
FTFY
Admin
And notice how few of the "bytes" in that key have values above 127. What kind of key fails to exhibit even the appearance of randomness?
Admin
There are also multiple keys that resolve to the same value. Can't tell if that is a WTF or deliberately designed that way.
Either way it is a WTF
Admin
Admin
Besides, did you really expect an array of 877 bytes to not contain duplicates?
Admin
You do know about RFC 3252, no?
Captcha: dolor. Dolor? up here we spell that dolour!
Admin
But then it wouldn't be not readable not anymore. It's perfect for me like it is. Never have been clearer to me!
Admin
<computer engineer>TRWTF is humans who can't read binary.</computer engineer>
Admin
The bytes are encoded as -127 -> 127, so looks like the XML encoder treated them as signed.
Admin
Admin
TRWTF, AMIRITE?
Admin
Truly human readable:
None of the XML nonsense :)
Admin
Admin
FTFY
Admin
Dude, you were so close...
Admin
Actually, the comment was supposed to address two things: a) an explanation for the superior amount of positive numbers. And b) that this WTF is far less caring about disclosing its original source than usual on tdwtf. It being a certificate had been instated quite clearly by that time.
Granted, it wasn't really making clear either intention :-)
Admin
Admin
TRWTF is signed bytes
Admin
I do. Every person is unique, and every encrypted byte is unique.
Admin
Wouldn't that be inception?
Admin
It's XML all the way down.
Admin
This approach would actually make sense if the XML generation mechanism could not guarantee the ordering of identical tags inside the XML (which clearly appears to happen as the id's are sorted) and that you could not manipulate the restored values before seen by the application (like dehexing a string).
So I think this might actually be a quite clever hack.
Admin
I saw this amazing piece of work and thought "that's awful long for just a key, I bet it's actually a certificate of some kind"...
% grep "e id" key.txt | sed 's/">/ /g' | sed 's/."//' | sed 's/<.//' | sort -n | awk '{ printf "%02x\n", and($2 ,255); }' | xxd -r -p | openssl x509 -text -noout -inform der
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: -1344400824 (-0x5021edb8)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=VMware Installer
        Validity
            Not Before: Jul 15 07:40:41 2011 GMT
            Not After : Jul 12 07:40:41 2021 GMT
        Subject: O=VMware, Inc., OU=VMware, Inc., CN=VMware default certificate/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name:
                DNS:icvdivcs.cc.ic.ac.uk
    Signature Algorithm: sha1WithRSAEncryption
Now, given that it's a standard x509 cert, one MIGHT encode ascii-armor it in the typical PEM style:
Which is clearly inferior to the "Human Readable" XML encoding they chose.
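Added example, not part of the original comment or of the article's code: a Python version of the decoding idea in the shell pipeline above, showing why the ids must be sorted numerically and the signed values masked with 255 before the bytes form a recognisable DER structure. The `<key>`/`<byte id=...>` element names and the 16-byte sample are assumptions constructed for illustration, since the page does not show the XML itself.

```python
import xml.etree.ElementTree as ET

# Constructed 16-byte sample (not the certificate from the thread):
# SEQUENCE { INTEGER 5, OCTET STRING of 9 bytes }, with several bytes above 127.
SAMPLE = bytes.fromhex("300e020105" "0409" "ff80c97f0001aabe10")


def to_signed_xml(blob):
    """Emit bytes as signed decimals with ids in string order, as the thread describes."""
    rows = sorted((str(i), b - 256 if b > 127 else b) for i, b in enumerate(blob))
    body = "".join(f'<byte id="{i}">{v}</byte>' for i, v in rows)
    return f"<key>{body}</key>"  # element names are assumptions


def decode_signed_xml(xml_text, numeric=True):
    """Rebuild the byte string; numeric=False keeps the document (string-sorted) order."""
    root = ET.fromstring(xml_text)
    rows = [(int(e.get("id")), int(e.text)) for e in root.iter("byte")]
    if numeric:
        rows.sort()  # 0, 1, 2, ... instead of "0", "1", "10", ...
    return bytes(v & 0xFF for _, v in rows)  # same masking as awk's and($2, 255)


def der_sequence_length(blob):
    """Return the total length claimed by an outer DER SEQUENCE header, or None."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    first = blob[1]
    if first < 0x80:  # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F  # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


SAMPLE_XML = to_signed_xml(SAMPLE)

if __name__ == "__main__":
    decoded = decode_signed_xml(SAMPLE_XML)
    print("document order matches:", decode_signed_xml(SAMPLE_XML, numeric=False) == SAMPLE)
    print("numeric order matches: ", decoded == SAMPLE)
    print("DER length consistent: ", der_sequence_length(decoded) == len(decoded))
```

A blob whose claimed DER length equals its actual length is almost certainly structured ASN.1 rather than random key material, which is a quick triage check before handing it to `openssl`.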
Admin
Admin
I also loved the alphabetical sorting of the id's
Makes me rethink my own data.