The H reports
that found a significant number of RSA public keys are not secure. "Of the 6,185,372 X.509 certificates analysed, the researchers found 266,729 public keys in which moduli were reused. The modulus is the core component of a public key – if it is the same, then the secret key matches. In one extreme case, the same modulus was found 16,489 times. This means that each of the owners of the 16,489 certificates could spoof or spy on each of the other 16,488. The researchers note that it is not unusual to recycle keys when, for example, extending a certificate, but a significant number of these keys belong to entirely independent owners.
" Interestingly, OpenPGP keys generated by GPG do not seem to suffer from this problem.
to post comments)