Re: Complexities on faking one signature

2017-04-03 Thread Wouter Verhelst
On Sun, Apr 02, 2017 at 07:12:38PM -0400, Robert J. Hansen wrote:
> > 2. Enumerating the possible signature of that certain message and
> > using the target's public key to verify if one of the signatures is
> > correct.
>
> I'm not sure what you mean here; that's not how signatures work.
> Signat

Re: Complexities on faking one signature

2017-04-03 Thread Robert J. Hansen
> I believe the OP is asking whether it'd be easier to brute-force a
> signature than it is to brute-force a private key.

Unimaginably harder to brute-force a sig. Since RSA is deterministic (at least, naïve RSA is), a sig is done on a digest (of let's say size 256 bits) and there are 2**256 diff

Complexities on faking one signature

2017-04-02 Thread iry
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello everyone!

When an adversary attempts to create someone's GPG signature of a certain message, there are at least two ways to do so:

1. Computing the private key from the public key of the target and then using the private key to sign the messag

Re: Complexities on faking one signature

2017-04-02 Thread Robert J. Hansen
> 1. Computing the private key from the public key of the target and
> then using the private key to sign the message;

The difficulty of this is dependent on the length of the asymmetric key. NIST's guidance is that cracking a 1024-bit key is about 2**80 work, a 2048-bit key is about 2**112 work,
