Comment by H8crilA

Comment by H8crilA 6 months ago

3 replies

View on Hacker News

Impossible to say, as most people probably don't even know that their private key is stolen. I've personally seen it only once on a real certificate revocation. Yet another reason to have shorter lifespan.

yjftsjthsd-h 6 months ago

If they don't know they were breached, don't the odds favor the replaced key likewise getting re-stolen immediately?

Reply View 1 reply
  • H8crilA 6 months ago

    Yes, but the odds are less than infinite, i.e. the probability is less than 1.0. At least some of such attacks take effort.

    Reply View 0 replies
Spivak 6 months ago

It's a pretty narrow threat model for Alice to get her cert stolen by Bob, be completely unaware that this has happened, and the means Bob used only works once.

Reply View 0 replies