How difficult is it to break the OpenPGP 40 character long fingerprint?
melvincarvalho at gmail.com
Tue Jun 4 15:09:10 CEST 2013
On 3 June 2013 19:20, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On 06/03/2013 08:04 AM, Melvin Carvalho wrote:
> > Bitcoin is essentially a ledger where you have an array of fingerprints
> > (160 bit hashes of a public key) and a value (number of coins in wallet).
> i thought that bitcoin didn't hash the public keys at all, but rather
> used the full elliptic curve public key, since it is smaller than
> comparably-strong RSA or DSA keys. I don't know much about bitcoin
> though so i could be mistaken here.
Here's a good page that shows how it's hashed:
prefix . ripemd-160(sha256(pubKey)) . checksum
base58 encoded with a custom alphabet
> > Unfortunately bitcoin only supports ECDSA and not RSA. But I wonder if a
> > fingerprint of your GPG key could be used as the basis of a payment
> The OpenPGP standard supports elliptic curve keys directly:
> GnuPG will add support for these keys in version 2.1 (now in beta). If
> you wanted to make an assertion about your ownership of a given bitcoin
> purse it seems like you might be able to do that.
> however, the specific curves used seem to differ:
> According to https://en.bitcoin.it/wiki/Protocol_specification,
> For ECDSA the secp256k1 curve from
> http://www.secg.org/collateral/sec2_final.pdf is used.
> https://tools.ietf.org/html/rfc6637#section-11 refers to NIST curve
> P-256, which i think is different :/
That's great. Satoshi used the Koblitz curve for performance. I noticed
this one is also not in the upcoming Web Crypto API, I believe it's related
to that curve not being in browser NSS (network security services).
> Still, it seems like it wouldn't be difficult to use your OpenPGP
> identity make assertions about your possession of any given bitcoin
> wallet, they just wouldn't be digested into the global bitcoin
> transaction log.
That's OK, I'm curious about making a system that doesnt necessarily go
onto the bitcoin block chain, but could be used with GPG keys, making each
keypair a theoretical wallet.
> Does this address what you were asking about? if not, what problem are
> you trying to solve specifically?
Yes very helpful. The question is whether the fingerprint contains enough
entropy such that it would be impractical for an attacker to find a key
that hashes to it either with preimage or birthday attack...
> PS your MUA seems to think that this list is named "Jay Litwyn on
> GnuPG-Users <gnupg-users at gnupg.org>" -- you probably want to update your
> addressbook :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users