[cryptography] The lesser-known public key in embedded devices

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Oct 7 18:32:54 EDT 2012

I was recently sitting downstream of a Deutsche Telekom Speedport router and
noticed that it used a certificate signed by a commercial CA (issued to the
wrong name and expired, but that's another story).  The fact that it's a
commercial CA cert indicates that there's only one of them for all Speedport
devices, which in turn indicates that they all share the same private key.

Has anyone looked into this further?  I lost access to the Speedport shortly
after I noticed this.

(Hat tip to Blake Ramsdell for the term "lesser-known public key").
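
A fleet-side check for the condition described in the post above, added here as an example and not part of the original message: it fingerprints the SubjectPublicKeyInfo of each device certificate and reports keys that appear on more than one device, which also catches a key reused under reissued certificates. The helper names, the documentation-range addresses and the skeletal DER certificates are constructed for illustration; real input would be DER certificates collected from your own devices.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first & 0x80:                      # long-form length: next n bytes
        n = first & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    else:                                 # short-form length
        length = first
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def spki_fingerprint(cert_der):
    """SHA-256 (hex) over the SubjectPublicKeyInfo element of a certificate."""
    _, off, _ = read_tlv(cert_der, 0)     # step into Certificate
    _, off, _ = read_tlv(cert_der, off)   # step into TBSCertificate
    tag, _, end = read_tlv(cert_der, off)
    if tag == 0xA0:                       # optional [0] version field
        off = end
    for _ in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, off = read_tlv(cert_der, off)
    _, _, spki_end = read_tlv(cert_der, off)
    return hashlib.sha256(cert_der[off:spki_end]).hexdigest()

def shared_keys(inventory):
    """Map SPKI fingerprint -> devices, keeping only keys seen on 2+ devices."""
    groups = defaultdict(list)
    for device, der in inventory.items():
        groups[spki_fingerprint(der)].append(device)
    return {fp: sorted(devs) for fp, devs in groups.items() if len(devs) > 1}

# --- constructed sample data: skeletal certificates, not real ones ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only

def fake_cert(serial, key):
    empty = tlv(0x30, b"")                 # stands in for alg/name/validity
    spki = tlv(0x30, tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + empty * 4 + spki)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))

KEY_A, KEY_B = b"\x11" * 8, b"\x22" * 8    # constructed key bytes
INVENTORY = {"192.0.2.10": fake_cert(1, KEY_A), "192.0.2.11": fake_cert(2, KEY_A),
             "192.0.2.12": fake_cert(3, KEY_B)}
```
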


