Me stupid: lost password for gpg
Hans de Goede
j.w.r.degoede at hhs.nl
Tue Dec 28 08:25:02 UTC 2004
Russell Coker wrote:
> On Friday 17 December 2004 08:19, Paul Iadonisi <pri.rhl3 at iadonisi.to> wrote:
>
>> Maybe the new dual Opteron box I just ordered can crack the passwords
>>for both our keys. ;-)
>
>
> I wrote a program to crack keys with a hacked version of gpg (at the point in
> the code where it asks for the pass-phrase my code inserted a loop to go
> through the passwords). It's ugly but with the recent versions of gpg it
> works reasonably well (I discovered a memory leak whereby gpg would lose a
> couple of hundred bytes every attempt at a pass-phrase).
>
> The program could try over 600 combinations a second on a 2-3yo Athlon giving
> almost 5 digits tested per day if you only use lower-case and digits. This
> means that a pass-phrase of 6 characters comprising lower-case and digits
> could be reliably cracked in just over a month. 7 characters could be done
> in 3 years with an old Athlon or maybe some reasonable amount of time in a
> dual-Opteron. 8 or more characters would require a large network of
> machines.
>
> Let me know if you want a copy of my code, but be warned, it's really ugly.
> Also it might be possible to optimise things and maybe double the speed if
> you can figure out GPG memory management (I can't).
>
1) Thanks, but I finally remembered my password
2) This is worry some, so a passphrase really should be 8 chars minimal?
Regards,
Hans
More information about the fedora-devel-list
mailing list