How difficult is it to break the OpenPGP 40 character long fingerprint?

Melvin Carvalho melvincarvalho at
Tue Jun 4 15:09:10 CEST 2013

On 3 June 2013 19:20, Daniel Kahn Gillmor <dkg at> wrote:

> On 06/03/2013 08:04 AM, Melvin Carvalho wrote:
> > Bitcoin is essentially a ledger where you have an array of fingerprints
> > (160 bit hashes of a public key) and a value (number of coins in wallet).
> i thought that bitcoin didn't hash the public keys at all, but rather
> used the full elliptic curve public key, since it is smaller than
> comparably-strong RSA or DSA keys.  I don't know much about bitcoin
> though so i could be mistaken here.

Here's a good page that shows how it's hashed:

Essentially it's

prefix . ripemd-160(sha256(pubKey)) . checksum

base58 encoded with a custom alphabet

> > Unfortunately bitcoin only supports ECDSA and not RSA.  But I wonder if a
> > fingerprint of your GPG key could be used as the basis of a payment
> ledger?
> The OpenPGP standard supports elliptic curve keys directly:
> GnuPG will add support for these keys in version 2.1 (now in beta).  If
> you wanted to make an assertion about your ownership of a given bitcoin
> purse it seems like you might be able to do that.
> however, the specific curves used seem to differ:
> According to,
>    For ECDSA the secp256k1 curve from
> is used.
> refers to NIST curve
> P-256, which i think is different :/

That's great.  Satoshi used the Koblitz curve for performance.  I noticed
this one is also not in the upcoming Web Crypto API; I believe it's related
to that curve not being in browser NSS (Network Security Services).

> Still, it seems like it wouldn't be difficult to use your OpenPGP
> identity to make assertions about your possession of any given bitcoin
> wallet, they just wouldn't be digested into the global bitcoin
> transaction log.

That's OK, I'm curious about making a system that doesn't necessarily go
onto the bitcoin block chain, but could be used with GPG keys, making each
keypair a theoretical wallet.

> Does this address what you were asking about?  if not, what problem are
> you trying to solve specifically?

Yes very helpful.  The question is whether the fingerprint contains enough
entropy such that it would be impractical for an attacker to find a key
that hashes to it either with preimage or birthday attack...

>         --dkg
> PS your MUA seems to think that this list is named "Jay Litwyn on
> GnuPG-Users <gnupg-users at>" -- you probably want to update your
> addressbook :)

More information about the Gnupg-users mailing list