GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]

Robert J. Hansen rjh at sixdemonbag.org
Sat May 17 02:05:40 CEST 2014


This is the last I will be saying on the subject.  I am not interested
in teaching a course on thermodynamics.

> Well... A nuclear reactor produces 1GW, and thus produces 1PJ in
> 10^6 s, that is approx. 11 days 14 hrs. Sure, you may be very
> interested in Health & Safety compliance of nuclear reactors, but...

But what?  This in the same ballpark as you'd get from releasing a
half-kilogram of antimatter on the world.  It's big.  There are no
"but..."s about it.

> Well... Currently, at a French equivalent of undergrad level (CPGE), 
> we're learning entropy is a theoretical quantity, that has no 
> real-world meaning

There are two equivalent ways to define entropy, one using
thermodynamics and one using statistical mechanics.  When using the
statistical mechanics definition it's easy to forget you're talking
about the real world instead of just juggling around a lot of numbers
and probabilities.  When using the thermodynamic definition you get your
fingers burned and that reminds you you're talking about
*thermodynamics* -- how heat moves around in a system.

> Well... If the operation the bit just underwent was a bitflip (and, 
> knowing the bruteforcing circuit, it's possible to know that), the 
> bit was a '0'.

It was actually a 1.  The two bits were 1 and 1.  Knowing the second
value was a 1 is of no help whatsoever in recovering the previous state.
The previous state could have been anything.  The bit has no memory of
what it was before: that information is lost to the universe, and there
is a corresponding increase in entropy (heat) associated with it.





More information about the Gnupg-users mailing list