Que tan seguro es GPG?

Q: Can't you break PGP by trying all of the possible keys?

A: This is one of the first questions that people ask when they are first introduced to cryptography. They do not understand the size of the problem. For the IDEA encryption scheme, a 128 bit key is required. Any one of the 2 to the 128th possible combinations would be legal as a key, and only that one key would successfully decrypt the message. Let's say that you had developed a special purpose chip that could try a billion keys per second. This is far beyond anything that could really be developed today. Let's also say that you could afford to throw a billion such chips at the problem at the same time. It would still require over 10,000,000,000,000 years to try all of the possible 128 bit keys. That is something like a thousand times the age of the known universe! While the speed of computers continues to increase and their cost decrease at a very rapid pace, it will probably never get to the point that IDEA could be broken by the brute force attack.

The only type of attack that might succeed is one that tries to solve the problem from a mathematical standpoint by analyzing the transformations that take place between plain text blocks and their cipher text equivalents. IDEA is a well researched algorithm, and although work still needs to be done on it as it relates to complexity theory, so far it appears that there is no algorithm much better suited to solving an IDEA cipher than the brute force attack, which we have already shown to be unworkable.

http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-security-questions.html#security-against-brute-force

En español:

Puedes romper la seguridad de PGP (el estandar utilizado por GPG) intentando todas las posibles combinaciones?

Esta es una de las primeras preguntas que las personas hacen cuando se les introduce por primera vez a la criptografía. Es porque ellos no entienden el tamaño del problema. Para el esquema de encripción IDEA, se requiere una llave de 128 bits, cualquiera de las 2 elevado a la 128 potencia, convinaciones posibles puede servir como llave, pero sólo una desencriptará el mensaje.

Imaginemos que tienes un chip para este proposito que puede intentar mil millones de combinaciones de llaves por segundo, lo cual es mucho más de lo que en realidad puede hacerse hoy en día. Y digamos que puedes conseguir mil millones de estos chips para desencriptar el mensaje.

Con estos mil millones de chips, trabajando a mil millones de combinaciones por segundo, aún tendrías que esperar 10,000,000,000,000 de años para poder intentar todas las llaves de 128 bits.

Esto es algo como mil veces la edad del universo, aunque las computadoras avanzan y son más rápidas cada vez, dificilmente llegarán a un punto en el que puedan romper la seguridad de las llaves de 128 bits por un ataque de fuerza bruta.

El único ataque que pudiera romper la seguridad, sería un ataque que resuelva el problema desde un punto de vista matematico, analizando las transformaciones que existen entre los archivos de texto y sus equivalentes cifrados. IDEA es un algoritmo bien investigado y aunque aún se requiere trabajo, hasta el momento parece ser que no existe un algoritmo capaz de solucionar esto con mayor rápidez que un ataque de fuerza bruta, el cual como ya se mostró es inviable.

Similarly all of the symmetrical algorithms additionally available in the 5.x and GNU Privacy Guard are not known to have significant flaws:

3DES is probably the most studied cryptographic algorithm ever. It offers the strength equivalent to a 112-bit block cipher. The best attacks published require massive amounts of storage and still take more than 2108 operations.

CAST is a well studied 128-bit algorithm. There is no known way of breaking it faster then brute force.

AES or Rijndael is a relatice newcomer in crypto-algorithms, chosen to replace DES/3DES with larger keys (128, 192 or 256 bit) and higher performance. Although there is a lot of attention to all the AES-contestants and finalists in general and Rijndael in particular, it hasn't had nearly as much scrutiny as the previously mentioned algorithms.

Blowfish and its newer cousin (and AES-finalist) Twofish have gotten much (media) attention but are both still relatively new. Because of they do not seem encumbered by patents and there are no serious, publicly known attacks, these algorithms are popular with many open source projects.

>Que tan seguro es GPG?

muy seguro, si sabe como usarlo.

https://help.riseup.net/es/security/message-security/openpgp/gpg-best-practices

Una duda sobre gpg que siempre he tenido es la siguiente:

¿que pasa si yo tengo mis clave gpg, pero un buen día la pc se me daña y me veo en la necesidad de formatearla, hay una forma de volver a tener la misma clave gpg que se tenia antes de formatear?