Badkeys - Finding Weak Cryptographic Keys At Scale

Explore the world of cryptographic key vulnerabilities in this 39-minute conference talk from Nullcon Berlin. Discover "badkeys," a tool, web service, and API designed to check cryptographic keys for known weaknesses. Learn about various cryptographic vulnerabilities found in public keys used for SSH, TLS, and other protocols, including the 2008 Debian OpenSSL bug, ROCA vulnerability, and the 2021 keypair key generation vulnerability. Understand how access to large databases of cryptographic keys enables searching for vulnerabilities at scale. Gain insights into a previously theoretical vulnerability that allows easy calculation of private keys, discovered in live TLS certificates and IoT devices. Hear from security researcher and IT journalist Hanno Böck as he shares his expertise on TLS vulnerabilities and discusses the importance of identifying weak cryptographic keys in today's digital landscape.