Am Montag, den 25.09.2006, 01:28 +0200 schrieb Philipp Gühring:
> Hi,
> We have been researching, which vendors were generating Exponent 3 keys, and 
> we found the following until now:
> * Cisco 3000 VPN Concentrator
> * CSP11
> * AN.ON / JAP (they told me they would change it on the next day)
> (perhaps more to come)
> My current estimate is that 0.26% of the certificates in the wild have 
> Exponents <=17

I did a little survey one month ago for my bsc. thesis.

I found out, that round about 1.19% of all https-server-certs use an
exponent <= 17. I did choose round about 32,000 random webservers for
this survey.

What is intresting is what happens when it comes to imap-ssl. Here, only
0.1% of all servers use a server-cert with exponent <= 17. Imap-ssl
users seem to be the better ssl-users, tls 1.0 is more widespread there,
small rsa-modulus-sizes are more seldom, and ssl 2.0 is not so common
there too.

I will publish some more details later.

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Reply via email to