Me stupid: lost password for gpg
Russell Coker
russell at coker.com.au
Mon Dec 27 17:01:52 UTC 2004
On Friday 17 December 2004 08:19, Paul Iadonisi <pri.rhl3 at iadonisi.to> wrote:
> Maybe the new dual Opteron box I just ordered can crack the passwords
> for both our keys. ;-)
I wrote a program to crack keys with a hacked version of gpg (at the point in
the code where it asks for the pass-phrase my code inserted a loop to go
through the passwords). It's ugly but with the recent versions of gpg it
works reasonably well (I discovered a memory leak whereby gpg would lose a
couple of hundred bytes every attempt at a pass-phrase).
The program could try over 600 combinations a second on a 2-3yo Athlon giving
almost 5 digits tested per day if you only use lower-case and digits. This
means that a pass-phrase of 6 characters comprising lower-case and digits
could be reliably cracked in just over a month. 7 characters could be done
in 3 years with an old Athlon or maybe some reasonable amount of time in a
dual-Opteron. 8 or more characters would require a large network of
machines.
Let me know if you want a copy of my code, but be warned, it's really ugly.
Also it might be possible to optimise things and maybe double the speed if
you can figure out GPG memory management (I can't).
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the devel
mailing list