• AgreeableLandscapeM
    link
    fedilink
    arrow-up
    14
    arrow-down
    2
    ·
    3 years ago

    That’s a really short private key though. Anyone want to do a feasibility analysis on brute forcing it?

    • kevincox
      link
      fedilink
      arrow-up
      9
      ·
      3 years ago

      That doesn’t seem very short. I can’t pull exact numbers from the image but let’s assume hex for simplicity (the original appears to have much more than 16 characters) and about 100 characters. That is 50 bytes or 400bits of private key. That is very difficult to brute force. For example Ed25519 uses 256bit keys.

      Of course this isn’t a perfect analysis:

      1. Required entropy depends on the algorithm.
      2. There is likely more entropy in that tweet if we want to guess the charset.
      3. GPG private keys have more metadata stored than just the key material, so we would need to subtract that.