[Cryptography] Possible reason why password usage rules are such a mess
Thierry Moreau
thierry.moreau at connotech.com
Fri Mar 6 08:21:09 EST 2020
On 06/03/20 12:43 AM, Peter Gutmann wrote:
>
> [...] (in one
> pen-test an urgent phonecall about "our servers are down because the cert has
> expired, we need a new one quickly!" was all that was required to get a
> certificate issued to a random third party), [...]
This illustrates how public key cryptography is not too well
mastered by the "experts." A certificate renewal would make sense for
the same "subject" public key as the expired certificate. Then, the
malevolent random third party would not be able to use the certificate.
- Thierry
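
The same-key renewal check described in the reply above, as an added example that is not part of the original post or any CA's code: it extracts the subjectPublicKeyInfo from the expired certificate and from the renewal request and refuses the renewal unless they are byte-identical. All function names are hypothetical, the sample structures carry constructed placeholder keys and signatures, and verifying the request's signature and subject name is assumed to happen elsewhere.

```python
def read_tlv(buf, off=0):  # -> (tag, value_start, value_end) of the element at off
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def children(element):  # raw child elements of a constructed DER element
    _, off, end = read_tlv(element)
    out = []
    while off < end:
        nxt = read_tlv(element, off)[2]
        out.append(element[off:nxt])
        off = nxt
    return out

def cert_spki(cert_der):
    tbs = children(children(cert_der)[0])
    # v1 certificates omit the explicit [0] version, shifting the field index
    return tbs[6] if tbs[0][0] == 0xA0 else tbs[5]

def csr_spki(csr_der):
    return children(children(csr_der)[0])[2]  # version, subject, subjectPKInfo

def is_same_key_renewal(expired_cert_der, csr_der):
    # Public keys are not secret, so a plain byte comparison is enough.
    return cert_spki(expired_cert_der) == csr_spki(csr_der)

# Constructed sample data below: placeholder keys and signatures, not real ones.
def der(tag, *parts):
    body = b"".join(parts)
    nb = (len(body).bit_length() + 7) // 8
    ln = bytes([len(body)]) if len(body) < 128 else bytes([0x80 | nb]) + len(body).to_bytes(nb, "big")
    return bytes([tag]) + ln + body

ALG, NAME, SIG = der(0x30, der(0x06, b"\x2b\x65\x70")), der(0x30), der(0x03, bytes(65))

def sample_spki(key32):
    return der(0x30, ALG, der(0x03, b"\x00" + key32))

def sample_cert(spki):
    validity = der(0x30, der(0x17, b"190306000000Z"), der(0x17, b"200306000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), ALG, NAME, validity, NAME, spki)
    return der(0x30, tbs, ALG, SIG)

def sample_csr(spki):
    return der(0x30, der(0x30, der(0x02, b"\x00"), NAME, spki, der(0xA0)), ALG, SIG)
```

A request from a third party that generated its own key pair fails this check, and a request that copies the original public key yields a certificate its sender cannot use without the matching private key.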