# GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]

Robert J. Hansen rjh at sixdemonbag.org
Wed May 14 22:15:40 CEST 2014

```> First, the Margolus-Levitin limit: "6.10^33 ops.J^{-1}.s^{-1} maximum"
> So, dividing the 2^128 by 6.10^33 gives me a bit less than 57000 J.s
> (assuming testing an AES key is a single operation). So, that's less
> than 1min for 1kJ. Pretty affordable, I believe.

No.  But since I'm going to be giving a lot of explanation here about
how you're misusing the Landauer Bound, I'm going to leave how you're
misusing the Margolus-Levitin Limit as a homework exercise.  :)

> Again, assuming testing an AES key is a single bit flip

It's not.  You have to rekey the cipher.  This multiplies the energy
by about a large factor.  To make the math easier, let's call it a
million.

> According to Wikipedia still, the lowest temperature recorded on Earth is
> 10^{-10} K.

If you want to run the temperature lower than the ambient temperature
of the cosmos (3.2K), you have to add energy to run the heat pump --
and the amount of energy required to run that heat pump will bring
your energy usage *above* that which you would've had if you'd just
run it in deep space at 3.2K.

So multiply your previous estimate by a factor of ten billion, in
order to reflect running it at ambient temperature.

10^10 * 10^6 = 10^16.  So far your estimate is off by a factor of a
thousand trillion.

> So, despite bruteforcing being obviously impossible in this day and age, and
> most likely impossible in the near future, it seems to me that the following
> statement is exaggerated: "The results are profoundly silly: it’s
> enough to boil the oceans and leave the planet as a charred, smoking
> ruin."

Assuming you could do AES in a single bitflip, it would require