CAs Reissue Over One Million Weak Certificates
Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the required entropy. This really isn’t a security problem; the serial numbers are to protect against attacks that involve weak hash functions, and we don’t allow those weak hash functions anymore. Still, it’s a good thing that the CAs are reissuing the certificates. The point of a standard is that it’s to be followed.
Andre de Amorim • March 18, 2019 7:31 AM
Software development cycle on my view;
then check if the code met the specifications.
Regards to the CA and ‘1M’, btc started with ’20M’
😉