
Can any of the ciphers in GnuPG be brute-forced? - lucb1e
https://www.gnupg.org/faq/gnupg-faq.html#brute_force
======
blakdawg
This is basically true, but a little overstated.

In particular, it's helpful to make a distinction between brute-forcing a
cipher, and brute-forcing a particular file. If I GPG-encrypt my plaintext
with a weak RSA key, or a weak passphrase with conventional encryption, that
particular ciphertext may be revealed through a brute force attack; the attack
wasn't on the _cipher_ , it was on my key.

Also, the fact that it's impossible/infeasible to exhaustively search the
keyspace doesn't mean that the key won't be found - 50% of the time it'll be
found in the first half of the keyspace that's searched (assuming a linear
search), 1% of the time it'll be found in the first 1% of the keyspace that's
searched, and so forth. Success via brute force isn't at all likely, but it's
not impossible, even though an exhaustive search is practically impossible.

