GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]

Robert J. Hansen rjh at
Thu May 15 15:14:55 CEST 2014

On 5/15/2014 8:30 AM, gnupg-users at wrote:
> The save of 64 bits to 1 bit loses you 6 bits exponential complexity,
> the increase of the expected number of tries increases it again by 1
> bit, so you have saved 2^5 = 32 = 10^1.5 on the numbers Rob gives. When
> I'm quickly reading through the calculations, it seems we changed it
> from 100 nuclear warheads to only 3, to scan the whole keyspace.

Huh: neat!  It doesn't surprise me that there are interesting ways to
tweak the numbers: my calculation is something that would have to assume
vast pretensions of standing just to be considered worthy to go on the
back of a bar napkin.  :)

> The thing I'm saying is: the explanation for taking 10^2 as the amount
> of bitflips for a single try doesn't seem convincing. It makes it seem
> that you can actually save computation by linearly searching your keyspace.

Point.  If/when I make a revision of it I'll review it.  :)

More information about the Gnupg-users mailing list