On Tue, Feb 1, 2011 at 00:35, Dick Gevers <[email protected]> wrote: > On Tue, 01 Feb 2011 00:15:36 +0100, Michael Scherer wrote about Re: > [Mageia-dev] PGP keys and package signing: > >>Le lundi 31 janvier 2011 à 21:49 +0000, Dick Gevers a écrit : >>> On Mon, 31 Jan 2011 17:18:25 +0100, Michael Scherer wrote about Re: >>> [Mageia-dev] PGP keys and package signing: >>> >>> >The problem is not leaking the key, it is about cryptographic attacks >>> >about older keys. >>> > >>> >If in 10 years, there is some technology that allows people to get our >>> >private key by bruteforce on the public one >>> >>> You can never ever obtain the private key from the public one, that is >>> impossible. It can only be compromised if someone looses the private key >>> plus the password is cracked. >> >>Some secure systems have been seen compromised ( like >>http://www.win.tue.nl/hashclash/rogue-ca/, who explain how the whole SSL >>business was compromised 2 years ago, or see the GSM being cracked at >>this year 27C3 ). >> >>And Debian also got ride of older vulnerable gpg keys ( see >>http://lists.debian.org/debian-devel-announce/2010/04/msg00018.html and >>http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html ), >>so I would not be so optimistic about the "never". >> >>Technically, MD5 should not have been reversible, but see how easy it is >>using a rainbow table. Granted, that's a 20 year protocol, but that's >>still widely used in lots of software. > > Sorry, but I am not convinced: the gpg key we are talking about consists of > 2 parts: the private key is separate from the public key, or signing key. > The signing key is a separate or subkey and does not contain any part of the > private key. So you can throw any amount of computing power at it, but > there is nothing inside the public key that will enable the rebuilding of > the private key from it.
Encrypt stuff with the public one, try to decrypt it with the 2^4096 (or whatever) possible private keys.
