How difficult is it to break the OpenPGP 40 character long fingerprint?

Robert J. Hansen rjh at
Mon Apr 1 22:58:31 CEST 2013

On 04/01/2013 12:24 PM, adrelanos wrote:
> How difficult, i.e. how much computing power and time is required to
> create a key, which matches the very same fingerprint?
> Isn't 40 chars a bit weak?

(Nothing I am writing here is sarcastic or non-factual.)

At present, the only way to do a preimage attack on SHA-1 (as opposed to
a random collision) is brute-force, so about 2**159 operations.  If
you've got a PC that operates at the thermodynamic limits of the
universe and can compute a SHA-1 hash in only 1000 bitflips, and you
want to achieve this collision within the space of a year, then you're
looking at needing to use about 100 exatons or more of energy.

This is considerably more than the gravitational binding energy of the
earth: as in, 100 exatons is enough to send every single rock in the
Earth flying away from all the other rocks faster than the Earth's
escape velocity.  100 exatons is enough energy to notably warp the local
spacetime continuum and would slightly perturb orbits of other planets.

No one will ever brute-force a SHA-1 fingerprint.  Maybe in five or ten
or twenty or a hundred years someone will figure out a way to do it that
doesn't involve brute-force, but for right now preimage attacks on SHA-1
are well in the realm of science fiction.

More information about the Gnupg-users mailing list