[SSL Observatory] Duplicate private keys
Chris Palmer
chris at eff.org
Mon Apr 4 23:35:55 PDT 2011
On Apr 4, 2011, at 7:02 PM, Andy Isaacson wrote:
> There are thousands of certs in the observatory with duplicate public
> exponent values but distinct, valid Subject strings. The most
> promiscuous public exponent is present in 780 distinct certificates (all
> with distinct CN= strings). The ones I checked appear to be low-rent
> but legitimate commercial websites. They're not all hosted on the same
> IP netblock or ISP.
Are these possibly also among the weak Debian keys? That might explain the re-use.
More information about the Observatory
mailing list