Rebuilding the private key from signatures

Aaron Toponce aaron.toponce at gmail.com
Thu Feb 24 15:09:11 CET 2011


I generated my key back in 2004, and I've been a very vocal and active
supporter of GnuPG, encrypting communications, and digitally signing
mail. However, I was in a discussion with a friend, and the topic came
up that it is theoretically possible to rebuild your private key if
someone had access to all your signed mail. We debated the size of
signatures and mail that would need to be collected for this to be
probable.

Is it?

What is the likelihood that an attacker could rebuild a private key from
a collections of signed mail, and would it depend on the hash used in
the algorithm?

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 527 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110224/96c0ce03/attachment.pgp>


More information about the Gnupg-users mailing list