Me stupid: lost password for gpg

[Kyrre Ness Sjobak]

man, 27.12.2004 kl. 18.01 skrev Russell Coker:
> On Friday 17 December 2004 08:19, Paul Iadonisi <pri.rhl3 at iadonisi.to> wrote:
> >   Maybe the new dual Opteron box I just ordered can crack the passwords
> > for both our keys. ;-)
> 
> I wrote a program to crack keys with a hacked version of gpg (at the point in 
> the code where it asks for the pass-phrase my code inserted a loop to go 
> through the passwords).  It's ugly but with the recent versions of gpg it 
> works reasonably well (I discovered a memory leak whereby gpg would lose a 
> couple of hundred bytes every attempt at a pass-phrase).
> 

What if it tried a dictionary first?

> The program could try over 600 combinations a second on a 2-3yo Athlon giving 
> almost 5 digits tested per day if you only use lower-case and digits.  This 
> means that a pass-phrase of 6 characters comprising lower-case and digits 
> could be reliably cracked in just over a month.  7 characters could be done 
> in 3 years with an old Athlon or maybe some reasonable amount of time in a 
> dual-Opteron.  8 or more characters would require a large network of 
> machines.
> 
> Let me know if you want a copy of my code, but be warned, it's really ugly.  
> Also it might be possible to optimise things and maybe double the speed if 
> you can figure out GPG memory management (I can't).
> 
> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page