On Monday 31 January 2011 at 21:49 +0000, Dick Gevers wrote:
> On Mon, 31 Jan 2011 17:18:25 +0100, Michael Scherer wrote about Re:
> [Mageia-dev] PGP keys and package signing:
>
> >The problem is not leaking the key, it is about cryptographic attacks
> >about older keys.
> >
> >If in 10 years, there is some technology that allows people to get our
> >private key by bruteforce on the public one
>
> You can never ever obtain the private key from the public one, that is
> impossible. It can only be compromised if someone loses the private key
> plus the password is cracked.

Some secure systems have been seen compromised (like http://www.win.tue.nl/hashclash/rogue-ca/, which explains how the whole SSL business was compromised 2 years ago, or see the GSM being cracked at this year's 27C3). And Debian also got rid of older vulnerable gpg keys (see http://lists.debian.org/debian-devel-announce/2010/04/msg00018.html and http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html), so I would not be so optimistic about the "never".

Technically, MD5 should not have been reversible, but see how easy it is using a rainbow table. Granted, that's a 20-year-old protocol, but that's still widely used in lots of software.

--
Michael Scherer
