How difficult is it to break the OpenPGP 40 character long fingerprint?

Melvin Carvalho melvincarvalho at gmail.com
Tue Jun 4 15:09:10 CEST 2013


On 3 June 2013 19:20, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On 06/03/2013 08:04 AM, Melvin Carvalho wrote:
>
> > Bitcoin is essentially a ledger where you have an array of fingerprints
> > (160 bit hashes of a public key) and a value (number of coins in wallet).
>
> i thought that bitcoin didn't hash the public keys at all, but rather
> used the full elliptic curve public key, since it is smaller than
> comparably-strong RSA or DSA keys.  I don't know much about bitcoin
> though so i could be mistaken here.
>

Here's a good page that shows how it's hashed:

http://gobittest.appspot.com/Address

essentially it's

prefix . ripemd-160(sha256(pubKey)) . checksum

base58 encoded with a custom alphabet


>
> > Unfortunately bitcoin only supports ECDSA and not RSA.  But I wonder if a
> > fingerprint of your GPG key could be used as the basis of a payment
> > ledger?
>
> The OpenPGP standard supports elliptic curve keys directly:
>
>   https://tools.ietf.org/html/rfc6637
>
> GnuPG will add support for these keys in version 2.1 (now in beta).  If
> you wanted to make an assertion about your ownership of a given bitcoin
> purse it seems like you might be able to do that.
>
> however, the specific curves used seem to differ:
>
> According to https://en.bitcoin.it/wiki/Protocol_specification,
>
>    For ECDSA the secp256k1 curve from
> http://www.secg.org/collateral/sec2_final.pdf is used.
>
> https://tools.ietf.org/html/rfc6637#section-11 refers to NIST curve
> P-256, which i think is different :/
>

That's great.  Satoshi used the Koblitz curve for performance.  I noticed
this one is also not in the upcoming Web Crypto API, I believe it's related
to that curve not being in browser NSS (network security services).


>
> Still, it seems like it wouldn't be difficult to use your OpenPGP
> identity to make assertions about your possession of any given bitcoin
> wallet, they just wouldn't be digested into the global bitcoin
> transaction log.
>

That's OK, I'm curious about making a system that doesn't necessarily go
onto the bitcoin block chain, but could be used with GPG keys, making each
keypair a theoretical wallet.


>
> Does this address what you were asking about?  if not, what problem are
> you trying to solve specifically?
>

Yes very helpful.  The question is whether the fingerprint contains enough
entropy such that it would be impractical for an attacker to find a key
that hashes to it either with preimage or birthday attack...


>
>         --dkg
>
> PS your MUA seems to think that this list is named "Jay Litwyn on
> GnuPG-Users <gnupg-users at gnupg.org>" -- you probably want to update your
> addressbook :)
>
>
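
Added example (not part of the original message): the closing question about preimage versus birthday cost, measured on truncated OpenPGP v4 fingerprints (SHA-1 over 0x99, a 2-octet length and the key packet body, per RFC 4880 section 12.2). The packet bodies are constructed stand-ins rather than real keys, the helper names are hypothetical, and the 160-bit estimate assumes SHA-1 behaves as an ideal hash.

```python
import hashlib
import struct

def v4_fingerprint(packet_body: bytes) -> bytes:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, 2-octet length, key packet body."""
    header = b"\x99" + struct.pack(">H", len(packet_body))
    return hashlib.sha1(header + packet_body).digest()

def truncated(packet_body: bytes, bits: int) -> int:
    """Leading `bits` bits of the 160-bit fingerprint, as an integer."""
    return int.from_bytes(v4_fingerprint(packet_body), "big") >> (160 - bits)

def constructed_body(i: int) -> bytes:
    # Constructed stand-in for a public-key packet body; not a real key.
    return b"constructed-packet-body-" + i.to_bytes(8, "big")

def birthday_search(bits: int):
    """Hash bodies until ANY two share a truncated fingerprint.
    Returns (tries, first_index, second_index)."""
    seen = {}
    i = 0
    while True:
        t = truncated(constructed_body(i), bits)
        if t in seen:
            return i + 1, seen[t], i
        seen[t] = i
        i += 1

def preimage_search(bits: int, target: int) -> int:
    """Hash bodies until one matches a FIXED target; returns its index."""
    i = 0
    while truncated(constructed_body(i), bits) != target:
        i += 1
    return i

def work_estimate(bits: int):
    """Generic-attack cost in hash evaluations: (birthday, preimage)."""
    return 2 ** (bits // 2), 2 ** bits

if __name__ == "__main__":
    for bits in (8, 12, 16):
        tries, a, b = birthday_search(bits)
        target = truncated(b"constructed-target-body", bits)
        hit = preimage_search(bits, target)
        print(f"{bits:2d} bits: collision after {tries} hashes, "
              f"preimage after {hit + 1} hashes")
    print("160 bits (estimate):", work_estimate(160))
```

The measured counts track 2^(n/2) for a collision between any two inputs and 2^n for matching one fixed fingerprint, which is the gap between the birthday and preimage cases at the full 160 bits.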