13Mar
SSH – If Eve has the passphrase and public key, can she derive the private key?
I have used ssh-keygen for creating an RSA 4096-bit SSH private and public key pair. I used a passphrase for the private key.
If an attacker, Eve, knows the passphrase in addition to the public key:
- Can they derive the private key? - I presume yes with enough time.
- If they can derive the public key, what algorithms can they use to do this? - I don't know.
- What is the number (or order) of operations needed for each algorithm to derive the private key?
Update - it seems that with using "yafu" on one computer (http://iamnirosh.blogspot.co.uk/2015/02/factoring-rsa-keys.html) that the brute force cracking process / factoring takes significantly less time.
- Would be interesting to see how much difference yafu makes on a distributed environment and on supercomputers.
