• kevincox
    2 years ago

    That doesn’t seem very short. I can’t pull exact numbers from the image, but let’s assume hex for simplicity (the original appears to have much more than 16 characters) and about 100 characters. That is 50 bytes or 400 bits of private key. That is very difficult to brute force. For example, Ed25519 uses 256-bit keys.

    Of course this isn’t a perfect analysis:

    1. Required entropy depends on the algorithm.
    2. There is likely more entropy in that tweet if we want to guess the charset.
    3. GPG private keys have more metadata stored than just the key material, so we would need to subtract that.