* Dr. Stephen Henson wrote on Wed, Sep 02, 2009 at 15:08 +0200:
> Including a public key certificate in no way risks the
> integrity of its private key as several others have said in
> this thread.

I think this theoretically opens the possibility to brute-force the private key. I think that brute-forcing a private key without knowing the public key would be more difficult and problematic, because some network connection, smart card access or the like would be needed to test whether a guessed key is correct or not. When knowing the public key, this can be determined quickly. Otherwise, tracks could be left on networks, smartcards' fail counters may be exceeded, or the like. Waiting for smartcards to compute RSA or networks to reply should also be much slower (limiting the number of key tests to a few per minute).

Is this theoretically true (although far from practical effects)?

(Of course, it is considered hard to brute-force a reasonable private key, such as 1024 bit RSA.)

oki,

Steffen

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org