Recent research has identified a class of RSA keys characterized by a high frequency of zeros, and such keys have been found in real-world applications. The findings come from the badkeys project, an open-source initiative that assesses public keys for vulnerabilities. By analyzing a large dataset, including Certificate Transparency logs and various internet scans, the researchers uncovered a substantial number of RSA keys that exhibit weak patterns, potentially making them susceptible to factoring attacks. The findings suggest that many organizations may unknowingly be using insecure RSA keys, which could compromise their cryptographic integrity.
For businesses, this underscores the need for proactive key management and security auditing. Organizations should regularly evaluate their cryptographic systems and verify that their RSA keys do not exhibit vulnerabilities that attackers could exploit. The research highlights an overlooked area of risk within widely used encryption standards. As businesses increasingly rely on RSA for secure communications, addressing these vulnerabilities is essential to maintaining trust and integrity in digital transactions.
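One way to screen a key inventory for the pattern described above, as an added example (not code from badkeys or from the original report): it counts zero bytes in a modulus and computes how likely that count would be if the bytes were uniformly random. The function names, the `alpha` threshold and both sample values are assumptions made for illustration; a flagged key is a candidate for closer review, not proof that it can be factored.

```python
import math

def zero_byte_stats(modulus: int) -> tuple[int, int, int]:
    """Return (zero bytes, total bytes, longest run of zero bytes) of a modulus."""
    raw = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    longest = run = 0
    for byte in raw:
        run = run + 1 if byte == 0 else 0
        longest = max(longest, run)
    return raw.count(0), len(raw), longest

def tail_probability(k: int, n: int, p: float = 1 / 256) -> float:
    """P[X >= k] for X ~ Binomial(n, p): the chance that n uniformly random
    bytes contain at least k zero bytes. Terms are built in log space so
    large key sizes neither overflow nor raise."""
    total = 0.0
    for i in range(k, n + 1):
        log_term = (math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
                    + i * math.log(p) + (n - i) * math.log1p(-p))
        total += math.exp(log_term)
    return min(total, 1.0)

def looks_sparse(modulus: int, alpha: float = 1e-9) -> bool:
    """Flag a modulus whose zero-byte count is implausible for random data.
    alpha is an assumed review threshold, not a value from the research."""
    zeros, total, _ = zero_byte_stats(modulus)
    return tail_probability(zeros, total) < alpha

# Constructed 2048-bit stand-ins (byte patterns, not real keys).
DENSE = int.from_bytes(bytes((i * 37 + 11) % 255 + 1 for i in range(256)), "big")
_sparse = bytearray(256)
_sparse[0::8] = b"\x81" * 32   # one non-zero byte in every group of eight
_sparse[-1] = 0x01             # keep the value odd, as a modulus would be
SPARSE = int.from_bytes(_sparse, "big")

if __name__ == "__main__":
    for name, n in (("DENSE", DENSE), ("SPARSE", SPARSE)):
        zeros, total, longest = zero_byte_stats(n)
        print(f"{name}: {zeros}/{total} zero bytes, longest run {longest}, "
              f"flagged={looks_sparse(n)}")
```

In an audit, the moduli would come from the organization's own certificates and key stores; the screen only looks at the public modulus, so it needs no private key material.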
---
*Originally reported by [Schneier on Security](https://www.schneier.com/blog/archives/2026/06/factoring-rsa-keys-with-many-zeros.html)*