Exponent 3 damage spreads...
Erik Tews
erik at debian.franken.de
Tue Sep 26 01:35:12 EDT 2006
Am Montag, den 25.09.2006, 01:28 +0200 schrieb Philipp Gühring:
> Hi,
>
> We have been researching, which vendors were generating Exponent 3 keys, and
> we found the following until now:
>
> * Cisco 3000 VPN Concentrator
> * CSP11
> * AN.ON / JAP (they told me they would change it on the next day)
> (perhaps more to come)
>
> My current estimate is that 0.26% of the certificates in the wild have
> Exponents <=17
I did a little survey one month ago for my bsc. thesis.
I found out, that round about 1.19% of all https-server-certs use an
exponent <= 17. I did choose round about 32,000 random webservers for
this survey.
What is intresting is what happens when it comes to imap-ssl. Here, only
0.1% of all servers use a server-cert with exponent <= 17. Imap-ssl
users seem to be the better ssl-users, tls 1.0 is more widespread there,
small rsa-modulus-sizes are more seldom, and ssl 2.0 is not so common
there too.
I will publish some more details later.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20060926/e767c97d/attachment.pgp>
More information about the cryptography
mailing list