Any way to recover your passphrase?

Tom Chitty chitty@synopsys.COM
Fri Nov 16 17:10:01 2001


Only 32 days, huh. Okay, I'll get started on it right now... ;)

TomC

-----Original Message-----
From: Ryan Malayter [mailto:rmalayter@bai.org]
Sent: Friday, November 16, 2001 10:52 AM
To: 'Tom Chitty'
Cc: 'gnupg-users@gnupg.org'
Subject: RE: Any way to recover your passphrase?


If he remembers something about the length, and it was at most 8 characters,
and used only letters and numbers, you can probably brute-force the
passphrase...

36^8 = 2821109907456 (~41 bits of entropy)

If you can get 1,000,000 tries per second (you'll probably have to use
multiple machines to get that), you can brute-force the password in less
than 32 days. You'll probably have to write the cracking program yourself,
but there might be something out there on the net.

If his passphrase included dictionary words, life is much easier, and your
cracking program will just have to try variants.

If he picked a *good* passphrase, your task is basically hopeless.

:::Ryan Malayter, MCSE
:::Bank Administration Institute
:::Chicago, Illinois, USA


-----Original Message-----
From: Tom Chitty [mailto:chitty@synopsys.COM]
Sent: Thursday, November 15, 2001 4:43 PM
To: gnupg-users@gnupg.org
Subject: Any way to recover your passphrase?


One of my users has forgotten his original passphrase. Since he'd prefer not
to generate and send out a new key pair, is it possible for him to find out
his passphrase? Since he's forgotten it, I would certainly think he hasn't
decrypted any messages in a while, but I said I would ask. Thanks in
advance.

TomC


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users