Am Montag, den 25.09.2006, 01:28 +0200 schrieb Philipp Gühring: > Hi, > > We have been researching, which vendors were generating Exponent 3 keys, and > we found the following until now: > > * Cisco 3000 VPN Concentrator > * CSP11 > * AN.ON / JAP (they told me they would change it on the next day) > (perhaps more to come) > > My current estimate is that 0.26% of the certificates in the wild have > Exponents <=17

I did a little survey one month ago for my bsc. thesis. I found out, that round about 1.19% of all https-server-certs use an exponent <= 17. I did choose round about 32,000 random webservers for this survey. What is intresting is what happens when it comes to imap-ssl. Here, only 0.1% of all servers use a server-cert with exponent <= 17. Imap-ssl users seem to be the better ssl-users, tls 1.0 is more widespread there, small rsa-modulus-sizes are more seldom, and ssl 2.0 is not so common there too. I will publish some more details later.

**
signature.asc**

*Description:* Dies ist ein digital signierter Nachrichtenteil