> From: [email protected] [mailto:owner-openssl-[email protected]] On Behalf Of Stanislav Meduna
>
> On 18.02.2012 17:02, Edward Ned Harvey wrote:
>
> > So these studies went out and scoured the internet, collecting public keys
> > from every service they could find, which amounts to something like 1-2
> > million servers, and they scanned them all for identical keys and/or shared
> > factors. They found approx 1 in every 250 internet-facing servers
> > "randomly" chose the same keys or key factors, thus completely broken
> > cryptography, and the owners are unaware because they thought they chose
> > random keys.
>
> Any link to the studies? - I was not able to find anything relevant.
> Is this related to the 2008 Debian OpenSSL snafu?

Not the Debian thing.

http://arstechnica.com/business/news/2012/02/crypto-shocker-four-of-every-1000-public-keys-provide-no-security.ars

There was also an article in the New York Times (which I can't find now) and various other news sources. But I figure the arstechnica link is probably sufficient.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
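
The check described in the quoted text (identical keys and shared factors across a set of RSA moduli), as an added example that is not part of the thread or of the studies' own tooling: an audit of a key inventory you own, which labels each key without printing any factor. The batch-GCD method, the function names, the host labels and the toy moduli are assumptions constructed for illustration; the thread does not say how the studies compared keys.

```python
from collections import Counter
from math import gcd, prod


def batch_gcd(moduli):
    """For each modulus n_i, return gcd(n_i, product of all the other moduli)."""
    # Product tree: leaves are the moduli, the single root is their product P.
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    # Remainder tree: reduce P modulo node**2 on the way back down to the leaves.
    rems = tree.pop()
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # (P mod n**2) // n equals (P // n) mod n, so this is gcd(n, P // n).
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def audit(keys):
    """keys: {label: RSA modulus}. Returns {label: 'ok'|'duplicate'|'shared-factor'}."""
    counts = Counter(keys.values())
    # Deduplicate first: identical moduli would otherwise all report gcd == n.
    unique = sorted(counts)
    shared = {n for n, g in zip(unique, batch_gcd(unique)) if g != 1}
    report = {}
    for label, n in keys.items():
        if counts[n] > 1:
            report[label] = "duplicate"       # same key on more than one host
        elif n in shared:
            report[label] = "shared-factor"   # one prime in common with another key
        else:
            report[label] = "ok"
    return report


# Constructed toy inventory: real moduli are 1024+ bits, these are tiny primes.
SAMPLE = {
    "host-a": 101 * 103,
    "host-b": 107 * 109,
    "host-c": 101 * 113,   # shares the prime 101 with host-a
    "host-d": 101 * 103,   # identical to host-a
    "host-e": 127 * 131,
}

if __name__ == "__main__":
    for label, status in audit(SAMPLE).items():
        print(f"{label}: {status}")
```

Any key reported as `duplicate` or `shared-factor` should be regenerated on a host with a properly seeded random number generator and its certificate reissued.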
