-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/12/14 15:15, Tomo Ruby wrote: > I really know only of this approach: The more encrypted/signed data I > spread over the web, the easier it might be for an attacker to calculate > the secret key.
If this was advice directly relating to OpenPGP: Do not take advice from the person/site who told you this. They shouldn't be giving advice if this is their advice. For all practical purposes, this is impossible. You don't get an improved chance of computing the secret key with more ciphertexts and/or signatures; not in any meaningful way. Applications using symmetrical ciphers sometimes have provisions to rotate keys after a certain amount of time or data has passed, but this is completely unrelated to OpenPGP keys, which are of a very different nature. OpenPGP keys are asymmetrical and only encrypt session keys or sign hashes, they never operate on the underlying data directly. The whole argument "the more encrypted data there is, the easier it is to crack" is a complete fallacy anyway. Anybody with your public key can create an unlimited amount of data encrypted to you; it's decrypting it that can only be done by you. If the availability of data encrypted to a key would be a way to compute the private key, that way would always already be available to an attacker. Fortunately, it doesn't work that way at all. HTH, Peter. - -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users