A long term study (48 months) has been conducted to analyze and test a
large number of cryptographic keys, collected from open and public
sources and across a variety of protocols (HTTPS, POP3S, IMAPS, SMTPS,
SSH, PGP), in order to identify possible issues and generate metrics.
The presentation will discuss data collection and aggregation, how
cryptographic keys have been analyzed and tested to find security
issues, how the evaluation led to the discovery of large numbers of
insecure keys, and how the lack of test suites may make the process very
difficult to automate.