Hacker News
by tomputer 826 days ago
> reusing private keys is an enormous vulnerability.

As long as the private key is stored/handled safely and RSA/ECC is not broken, it is not vulnerable.

I do agree that key rotation is better/recommended practice.

> a single leaked private key means your entire site is compromised

The leak is the actual vulnerability. As long as the leak is still there and you are not aware of the compromised private key, a fresh new private key will probably leak again.

However, the chances of leaking may be greater if a private key has to be used in multiple locations.