Cryptography across industry sectors

Abstract

Security adoption varies across industry sectors, where some companies such as Google, Apple and Microsoft are strong advocates of the adoption of HTTPS, while other companies, especially for news sites, have weak adoption. This paper provides a sample analysis of the Top 500 Websites within Alexa Top 1 Million sites for industry sectors, and analyses their HTTP responses, such as in the cryptography methods used and the usage of Content-Security-Policy. It concludes that the adoption of security is strongest within Computers industry sector, while it is much weaker within News and Sports. The paper also shows that the most popular method for creating a Secure Socket Layer tunnel is Elliptic Curve Diffie–Hellman with RSA for the key exchange, 256-bit AES GCM for the encryption of the stream and 384-bit SHA for hashing. It does highlight worrying signs of the usage of wellknown weak cryptography methods, such as for Diffie–Hellman, RC4, MD5 and DES. With the adoption of the Let’s Encrypt digital certificate, the paper shows that the industry sector that has most traction is in Adult sites, and its adoption is much lower in more business-focused industry areas.