Any way to recover your passphrase?

Ryan Malayter
Fri Nov 16 16:54:01 2001

If he remembers something about the length, and it was at most 8 characters,
and used only letters and numbers, you can probably brute-force the

36^8 = 2821109907456 (~41 bits of entropy)

If you can get 1,000,000 tries per second (you'll probably have to use
multiple machines to get that), you can brute-force the password in less
than 32 days. You'll probably have to write the cracking program yourself,
but there might be something out there on the net.

If his passphrase included dictionary words, life is much easier, and your
cracking program will just have to try variants.

If he picked a *good* passphrase, your task is basically hopeless.

:::Ryan Malayter, MCSE
:::Bank Administration Institute
:::Chicago, Illinois, USA

-----Original Message-----
From: Tom Chitty [mailto:chitty@synopsys.COM] 
Sent: Thursday, November 15, 2001 4:43 PM
Subject: Any way to recover your passphrase?

One of my users has forgotten his original passphrase. Since he'd prefer not
to generate and send out a new key pair, is it possible for him to find out
his passphrase? Since he's forgotten it, I would certainly think he hasn't
decrypted any messages in a while, but I said I would ask. Thanks in


Gnupg-users mailing list