The internet is getting safer but legacy encryption techniques still linger
A new report from Venafi, based on in-depth security analysis of the world's top million websites over the last 18 months, shows the internet is becoming more secure.
Use of encryption is increasing and the adoption of newer TLS protocols is rising. However, many companies continue to use legacy RSA encryption algorithms to generate keys, despite stronger protocols being available.
The report finds that 72 percent of sites now actively redirect traffic to use HTTPS -- a 15 percent increase since March 2020 -- whilst almost one in five of the top million sites now use HSTS (HTTP Strict Transport Security) -- a 44 percent increase since March 2020.
More than half of the top million sites that use HTTPS are using TLSv1.3, the latest version of TLS (Transport Layer Security), which has overtaken TLSv1.2 to become the most popular protocol version.
Among the other findings, RSA remains the preferred digital signature algorithm, with 50.47 percent of sites using it.
"I was hoping that the uptake in TLSv1.3 would push people to use ECDSA keys for authentication instead of RSA because they are much more secure, but sadly, that hasn't happened," says security researcher and encryption expert Scott Helme. "It seems that RSA is still the preferred key algorithm by quite a considerable margin. Organizations say they keep RSA around for legacy clients that don't yet support ECDSA, but the huge rise in TLSv1.3 use is at odds with that notion because it isn't supported by legacy clients either."
The research also shows that Let's Encrypt now leads the CA (Certificate Authority) market for TLS -- a particularly notable achievement, given that in 2016 Let's Encrypt was completely absent from the top million. Of the sites scanned, 28 percent use Let's Encrypt, with Let's Encrypt and Cloudflare accounting for over half of the top 1 million TLS certificates in use.
You can read more about the findings on the Venafi blog.