by Enrico Branca, OWASP
45 min
A long-term study (48 months) has been conducted to analyze and test a large number of cryptographic keys, collected from open and public sources across a variety of protocols (HTTPS, POP3S, IMAPS, SMTPS, SSH, PGP), in order to identify possible issues and generate metrics. The presentation will discuss data collection and aggregation, how the cryptographic keys were analyzed and tested for security issues, how the evaluation led to the discovery of large numbers of insecure keys, and how the lack of test suites may make the process very difficult to automate.