find a passpharse

Mr.Bad mr.bad@pigdog.org
19 Oct 2000 09:20:34 -0700 


>>>>> "LF" == Levente Farkas <lfarkas@mindmaker.hu> writes:


    LF> hi, I encrypt 8 of my txt files in august, and in order not to
    LF> make any typo (!!!)  I cu&paste the passphrase. now when I try
    LF> to decrypt them the passphrase is not working (bad key).

OK, well, I wanted to bring up one of GnuPG's "special features,"
anyways: there's a backdoor built in so that if you can't find the
passphrase for your key, you can always just type in the word
"password" and that will work, too. Typing in your user ID (name and
email address) will also unlock the key.

Haha! Just kidding! Did I scare anybody? B-)

Levente: It's actually really, really, really hard to recover a
passphrase. (Note that when people talking about encryption say
"really hard," they mean "lifetime-of-the-universe hard.") This is
part of the security that GnuPG gives: someone who got access to your
computer couldn't just go into the encrypted files on there
willy-nilly. They'd have to know your passphrase, and the passphrase
is stored in a super-secure way.

Normally, you're ass-out in this case. Of course, that doesn't help
for me to remind you of that, so here's what I'd recommend:

        * Really, really try to remember the passphrase. Wait a while,
          take a couple of days, let it come to you by
          serendipity. These things usually come to me when I'm taking
          a shower or just falling asleep, so I recommend you take a
          lot of naps and showers. B-)

        * Try and recover the data another way -- see if you forgot to
          delete the source files somewhere, or if you can retrieve
          them from someone else who has 'em, or whatever.

        * If you can't recover your data any other way, you -could-
          try running a password cracker on GnuPG. I don't know of any
          crackers that do that right now, but you might want to type
          "password crack" into the Google prompt and see what you can
          find. A lot of password crackers are customizeable so that
          you can tell them what program to run and how to pass the
          password in.

          Note that if you used an even half-decent passphrase (like,
          not your name or "password" or what have you) it's entirely
          possible that the password cracker won't work.

I wish there was another way to help you, but at the same time I'm
glad there's not another way to help you. B-) Next time, use a
passphrase you'll remember!

~Mr. Bad

-- 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 /\____/\   Mr. Bad <mr.bad@pigdog.org>
 \      /   Pigdog Journal | http://pigdog.org/ | *Stay*Real*Bad*
 |  (X \x)   
 (    ((**) "If it's not bad, don't do it.
  \  <vvv>   If it's not crazy, don't say it."
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org