Matt Palmer <[email protected]> writes: >There's roughly 2M keys in the pwnedkeys dataset at present. Splitting by >type can *kinda* be done, insofar as I keep track of whether the format of >the key I found was PKCS1, PKCS8, OpenSSH, PuTTY, etc, but that's not >definitive, since OpenSSH reads other formats of key, and they're all just >big numbers anyway, at the end of the day.
Switching hats to the one that looks a lot like Sherlock Holmes' deerstalker, it'd be really interesting to see stats for this since I had no idea there were that many compromised keys out there. I think this would be quite interesting to security researchers depending on how much data you've got on the keys, breadown by key types, arrival rate (is it a steady trickle from leaks or does it come in bursts due to large-scale compromises), etc. Heck, just anything to help us understand key leaks/compromises a bit more, until now I didn't even know how bad it was. Peter. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ME0P300MB071314A37966BAF5DAF597E3EE4D2%40ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM.
