2

I have read a bit about encryption up to this point and understand that server certificates are validated by having a Certificate Authority validate that certificate contents match the digital signature (a hash of the cert contents using their private key) on the certificate itself. The upshot is that anyone with a CA private key can carry out a man-in-the-middle attack by impersonating any site validated by that CA.

So basically every server certificate has the data needed to brute force crack the private key of the CA. All someone needs to do is iterate through every possible key until the signature they generate from the cert contents matches the signature on the cert itself.

Am I missing something fundamental, or is the security of the system dependent on the CA having really long private keys? I mean, couldn't the government of China buy thousands of NVIDIA graphics cards and put a few grad students to work cracking a CA private key and crack one in a matter of years? I mean, some certs have been out there a while.

Ian

0 Answers