"Half of Websites Still Using Legacy Crypto Keys"

According to new research, the internet is becoming more secure overall, but slightly more than half of websites' digital keys are still generated via legacy encryption algorithms.  Security firm Venafi analyzed the world’s top one million sites over the past 18 months.  The company published their findings in a report titled "TLS Crawler Report."  The researchers found that nearly three-quarters (72%) of sites now actively redirect traffic to use HTTPS, an increase of 15% since March 2020. Even better, more than half of the sites studied that use HTTPS are on the latest version of TLS: TLSv1.3. It has now overtaken TLSv1.2 to become the most popular protocol version.  The researchers also found that almost one in five of the top one million sites currently use the more secure HSTS (HTTP Strict Transport Security), which is a 44% increase since March 2020.  The number of top one million sites using EV certificates is at its lowest point ever in the last six years of analysis. The researchers also found that much more user-friendly Let’s Encrypt is now the leading Certificate Authority for TLS certificates, with 28% of sites using it.  The researchers also found that nearly 51% of sites still use legacy RSA encryption algorithms to generate authentication keys.  The researchers stated that RSA is significantly less secure than modern alternative ECDSA, a public key cryptography encryption algorithm which boasts greater computational complexity and smaller authorization keys. 

Infosecurity reports: "Half of Websites Still Using Legacy Crypto Keys"