Overview
Explore a DEF CON 31 conference talk that delves into the critical assessment of digital certificate security at scale. Learn about the vulnerabilities arising from poor entropy sources in key generation and discover tools and techniques for identifying weak keys across large datasets. Master efficient multithreaded implementations of network monitors, scanners, certificate parsers, and mathematical tests, including the batch greatest common divisor test (BGCD) for identifying RSA public keys with common factors. Understand how to audit HTTPS servers, process over 100 million keys, detect RSA keys with shared factors, and generate corresponding private keys. Get hands-on experience with producing and utilizing PEM files for factored keys, while gaining insights from real-world findings that demonstrate the importance of robust entropy sources in maintaining certificate security.
Syllabus
DEF CON 31 - Assessing Security of Certificates at Scale - David McGrew, Brandon Enright, Andrew Chi
Taught by
DEFCONConference