William A. Rowe, Jr. wrote:
> Hagai asks how prevalent such exponent 3 public or commercial
> signing keys still are? Someone stated they are in "wide use".
> This is not 'private' information, and Hagai just asked if someone
> has done the actual research of affected public/commercial signing
> authorities?

Here are two data points:

1) On my Windows XP laptop, I used the "certmgr" tool to export all trusted root CA certificates from Windows certificate store, and parsed the file using "openssl pkcs12". Of the 114 certificates, 8 used exponent 3; all others used 65537.

2) I downloaded the Mozilla NSS 3.11.2 library (used by e.g. Firefox), and parsed the built-in CA certificates in file mozilla/security/nss/lib/ckfw/builtins/certdata.txt. Of the 96 certificates, 8 used exponent 3, one used 50557, and all others used 65537.

(The number 8 seems to be a coincidence; most of those certificates weren't the same in these two samples.)

Best regards,
Pasi
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
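
An added example, not part of the original message: one way to repeat this kind of survey on a trust store that has been exported as a PEM bundle, by walking each certificate's DER down to the RSA public exponent and tallying the values. The function names are hypothetical, the PEM-bundle input is an assumption, and the sample certificates are constructed, unsigned skeletons rather than real CA certificates.

```python
import base64, collections, re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption (1.2.840.113549.1.1.1)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def children(buf, start, end):
    """Return (tag, value_start, value_end) for each DER element in buf[start:end]."""
    out = []
    while start < end:
        tag, length, pos = buf[start], buf[start + 1], start + 2
        if length & 0x80:                   # long form: low 7 bits count the length bytes
            pos += length & 0x7F
            length = int.from_bytes(buf[start + 2:pos], "big")
        if pos + length > end:
            raise ValueError("truncated DER element")
        out.append((tag, pos, pos + length))
        start = pos + length
    return out

def rsa_public_exponent(der):
    """Public exponent of an X.509 certificate's RSA key, or None for a non-RSA key."""
    (_, cs, ce), = children(der, 0, len(der))            # Certificate
    tbs = children(der, *children(der, cs, ce)[0][1:])   # fields of tbsCertificate
    spki = tbs[6 if tbs[0][0] == 0xA0 else 5]            # optional [0] version shifts the index
    alg, key = children(der, *spki[1:])[:2]              # AlgorithmIdentifier, BIT STRING
    oid = children(der, *alg[1:])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        return None
    (_, ks, ke), = children(der, key[1] + 1, key[2])     # skip the unused-bits byte
    exponent = children(der, ks, ke)[1]                  # RSAPublicKey ::= {modulus, exponent}
    return int.from_bytes(der[exponent[1]:exponent[2]], "big")

def tally_exponents(pem_text):
    """Count public exponents over every CERTIFICATE block in a PEM bundle."""
    ders = map(base64.b64decode, PEM_RE.findall(pem_text))
    return collections.Counter(map(rsa_public_exponent, ders))

def tlv(tag, body):  # minimal DER encoder, used only to build the constructed samples
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def sample_cert_pem(e, oid=RSA_OID):  # constructed, unsigned skeleton with dummy contents
    ints = tlv(0x02, b"\x00" + b"\xc3" * 128) + tlv(0x02, e.to_bytes(e.bit_length() // 8 + 1, "big"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + tlv(0x30, ints)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki)
    der = tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    return f"-----BEGIN CERTIFICATE-----\n{base64.encodebytes(der).decode()}-----END CERTIFICATE-----\n"

SAMPLE_BUNDLE = "".join(sample_cert_pem(e) for e in (3, 65537, 65537, 50557))  # constructed
```

Calling `tally_exponents` on the text of a real bundle returns a `Counter` keyed by exponent, with non-RSA keys counted under `None`.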