Overview
This conference talk reveals how TLS certificates reuse old private keys by the millions, undermining a fundamental web security protection. It presents research findings from an analysis of 7 billion certificates logged in Certificate Transparency, which uncovered alarming patterns, including organizations such as Verizon reusing the same key for 10 years despite having revoked it in the first year. It covers cases where compromised keys continued to be used for new certificate issuance, and shows how even short-lived 90-day certificates often reuse the same private key for a decade. The speakers also share findings from examining the SSH keys of 58 million GitHub users, identifying 100,000 SSH keys shared between multiple accounts, and even instances where the same keys were used for both TLS certificates and GitHub SSH authentication. The talk identifies common certificate generation frameworks that perpetuate this risky practice and introduces an open-source tool for identifying certificates with reused private keys. This OWASP Foundation presentation examines the widespread dangers of encryption key reuse and the security threats it currently poses.
Syllabus
Millions Of Public Certificates Are Reusing Old Private Keys - Dylan Ayrey, Joseph Leon
Taught by
OWASP Foundation