Hacker News new | past | comments | ask | show | jobs | submit login

Impossible to say, as most people probably don't even know that their private key is stolen. I've personally seen it only once on a real certificate revocation. Yet another reason to have shorter lifespan.



If they don't know they were breached, don't the odds favor the replaced key likewise getting re-stolen immediately?


Yes, but the odds are less than infinite, i.e. the probability is less than 1.0. At least some of such attacks take effort.


It's a pretty narrow threat model for Alice to get her cert stolen by Bob, be completely unaware that this has happened, and the means Bob used only works once.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: