On 2020-07-09 at 10:19 +0200, Werner Koch via Gnupg-users wrote: > If you know the fingerprint it is of course easy to find the creation > date; that are at worst a mere 710 million hashes (from 1998 to now). > it is just that we don't have the tooling. To make things easier I > will > probably store the creation date as meta data along with the bare > numbers in the forthcoming 2.3.
I have some toll that could do that. It's a matter of bruteforcing 4 bytes. The user probably has some idea of *when* it was created, highly simplifying it. In fact, assuming this is the same computer on which the key was created (quite likely, since there is no backup), the filesystem timestamp of the file holding the secret key shouild be at most a few seconds off, thus making such search immediate. i should note however, that if someone loses its public key, and it wasn't published anywhere he can simply reach it (such as the keyservers), yet he wants to keep using the same key, that probably means that *someone* else has that public key, and thus it might be problematic to create a new key. In which case, the public key could be retrieved from one of the third parties having it.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
