It would be nice to organize an effort to collect as many public keys as possible and run them through the Infineon weak key detector.
Folks on the Mozilla security policy mailing list are planning on running all of crt.sh over it.
-
-
Maybe I should write a tool to harvest public keys from Authenticode-signed executables.
-
I guess breaking those keys would be less damaging due to timestamping? Though I'm not sure how all the codesigning stuff really works.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.