We performed a sanity check of public keys collected on the web and found that the vast majority works as intended. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that this is not always the case, resulting in public keys that offer no security. Our conclusion is that generating secure public keys in the real world is challenging. We did not study usage of public keys.

Full paper: Ron was wrong, Whit is right, Cryptology ePrint Archive: Report 2012/064

http://eprint.iacr.org/2012/064

In  Crypto 2012

Publisher  Springer

Details