Me stupid: lost password for gpg
Kyrre Ness Sjobak
kyrre at solution-forge.net
Tue Dec 28 22:58:31 UTC 2004
man, 27.12.2004 kl. 18.01 skrev Russell Coker:
> On Friday 17 December 2004 08:19, Paul Iadonisi <pri.rhl3 at iadonisi.to> wrote:
> > Maybe the new dual Opteron box I just ordered can crack the passwords
> > for both our keys. ;-)
>
> I wrote a program to crack keys with a hacked version of gpg (at the point in
> the code where it asks for the pass-phrase my code inserted a loop to go
> through the passwords). It's ugly but with the recent versions of gpg it
> works reasonably well (I discovered a memory leak whereby gpg would lose a
> couple of hundred bytes every attempt at a pass-phrase).
>
What if it tried a dictionary first?
> The program could try over 600 combinations a second on a 2-3yo Athlon giving
> almost 5 digits tested per day if you only use lower-case and digits. This
> means that a pass-phrase of 6 characters comprising lower-case and digits
> could be reliably cracked in just over a month. 7 characters could be done
> in 3 years with an old Athlon or maybe some reasonable amount of time in a
> dual-Opteron. 8 or more characters would require a large network of
> machines.
>
> Let me know if you want a copy of my code, but be warned, it's really ugly.
> Also it might be possible to optimise things and maybe double the speed if
> you can figure out GPG memory management (I can't).
>
> --
> http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/ My home page
More information about the devel
mailing list