Mainkey with many subkeys??
Peter Lebbing
peter at digitalbrains.com
Fri Dec 12 13:01:35 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/12/14 15:15, Tomo Ruby wrote:
> I really know only of this approach: The more encrypted/signed data I
> spread over the web, the easier it might be for an attacker to calculate
> the secret key.
If this was advice directly relating to OpenPGP: Do not take advice from the
person/site who told you this. They shouldn't be giving advice if this is
their advice.
For all practical purposes, this is impossible. You don't get an improved chance
of computing the secret key with more ciphertexts and/or signatures; not in any
meaningful way.
Applications using symmetrical ciphers sometimes have provisions to rotate keys
after a certain amount of time or data has passed, but this is completely
unrelated to OpenPGP keys, which are of a very different nature. OpenPGP keys
are asymmetrical and only encrypt session keys or sign hashes, they never
operate on the underlying data directly.
The whole argument "the more encrypted data there is, the easier it is to crack"
is a complete fallacy anyway. Anybody with your public key can create an
unlimited amount of data encrypted to you; it's decrypting it that can only be
done by you. If the availability of data encrypted to a key would be a way to
compute the private key, that way would always already be available to an
attacker. Fortunately, it doesn't work that way at all.
HTH,
Peter.
- --
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list