this post was submitted on 22 Dec 2025
303 points (92.4% liked)
Privacy
3219 readers
153 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm also interested in that, but
This is likely wrong, any password would allow you to produce a valid key from an encrypted key, it will not be a correct key, so you will fail during decryption, but it will take a lot of time to check and may not be easy to automate.
Regarding the auth, they may provide you with a challenge that is encrypted with your public key, and if you have decrypted it correctly, authenticate you, but I don't know how it's done or should be done.
If you have any way to check the key validity offline (for example, you subpoena the encrypted data) then it's trivial to check and automate.
Of course not everybody is capable of this, but it's becoming less and less difficult to brute force it, and renting a few hours of GPU time to do it is within the means of small bad actors.
Renting a few hours of GPU may not cut it, depending on how long the key is, but you're right, getting some data offline would help in breaking the encryption
It may not cut it now, but we can't guarantee it will stay the same within a few years (either faster compute, or other techniques that speed up the brute force)