[SSL Observatory] Duplicate private keys

Andrew Birrell birrell at microsoft.com
Tue Apr 5 11:43:25 PDT 2011


The raw data from the Spring 2010 dataset, which I have in a database of my own, breaks down into the following distribution of public key algorithms.  (These numbers are after eliminating duplicate certs, and include certs not trusted by FF and IE.)

+----------------------+----------+
| Algorithm            | Count    | 
+----------------------+----------+
| RSA                  |  5603192 | 
| 1.2.840.10045.2.1    |        6 | 
| DSA                  |     2890 | 
| 1.2.643.2.2.19       |      359 | 
| 0.0                  |        1 | 
| 1.2.643.2.2.20       |       18 | 
| 1.3.14.3.2.12        |        3 | 
| 1.2.840.113536.1.1.1 |        1 | 
+----------------------+----------+

There are 1857 different issuers for the DSA ones.

Andrew

-----Original Message-----
From: observatory-bounces at eff.org [mailto:observatory-bounces at eff.org] On Behalf Of Peter Gutmann
Sent: Monday, April 04, 2011 10:45 PM
To: Peter Eckersley
Cc: observatory at eff.org
Subject: Re: [SSL Observatory] Duplicate private keys

Peter Eckersley <pde at eff.org> writes:

> These are all DSA I think.  The number has grown to 25 in the December
> dataset:

Wow, a whole 25 certs out of how many million?  That's almost as many as the
number of ones using the CA's CEO's shoe size as the exponent, and is rapidly
approaching the number using the IT director's license-plate number as the
exponent.

Is there any pattern there?  Are they all used by the same organisation, or
issued by the same CA?

Peter.




