Any way to recover your passphrase?

Tom Chitty chitty@synopsys.COM
Fri Nov 16 19:43:01 2001


Luckily, _HE_ will have to do the work, huh? He decided after reading the
replies that generating a new key pair wasn't all that bad after all.

TomC

-----Original Message-----
From: Ryan Malayter [mailto:rmalayter@bai.org]
Sent: Friday, November 16, 2001 1:39 PM
To: 'Tom Chitty'
Cc: gnupg-users@gnupg.org
Subject: RE: Any way to recover your passphrase?


Hey, you asked if it could be done. Brute-force is about the only way. Your
brute-force search can be made smarter if he remembers some fragment of his
password, but if not, then it's going to take a long time.

If you have to try all 95 typable ASCII characters (instead of just
lowercase and numbers), then 6 chars = 8.5 days, 7 chars ~ 2 years,
8 chars >> 200 years. Good luck.

:::Ryan Malayter, MCSE
:::Bank Administration Institute
:::Chicago, Illinois, USA


-----Original Message-----
From: Tom Chitty [mailto:chitty@synopsys.COM]
Sent: Friday, November 16, 2001 10:07 AM
To: Ryan Malayter
Cc: gnupg-users@gnupg.org
Subject: RE: Any way to recover your passphrase?


Only 32 days, huh. Okay, I'll get started on it right now... ;)

TomC

-----Original Message-----
From: Ryan Malayter [mailto:rmalayter@bai.org]
Sent: Friday, November 16, 2001 10:52 AM
To: 'Tom Chitty'
Cc: 'gnupg-users@gnupg.org'
Subject: RE: Any way to recover your passphrase?


If he remembers something about the length, and it was at most 8 characters,
and used only letters and numbers, you can probably brute-force the
passphrase...

36^8 = 2821109907456 (~41 bits of entropy)

If you can get 1,000,000 tries per second (you'll probably have to use
multiple machines to get that), you can brute-force the password in less
than 32 days. You'll probably have to write the cracking program yourself,
but there might be something out there on the net.

If his passphrase included dictionary words, life is much easier, and your
cracking program will just have to try variants.

If he picked a *good* passphrase, your task is basically hopeless.

:::Ryan Malayter, MCSE
:::Bank Administration Institute
:::Chicago, Illinois, USA


-----Original Message-----
From: Tom Chitty [mailto:chitty@synopsys.COM]
Sent: Thursday, November 15, 2001 4:43 PM
To: gnupg-users@gnupg.org
Subject: Any way to recover your passphrase?


One of my users has forgotten his original passphrase. Since he'd prefer not
to generate and send out a new key pair, is it possible for him to find out
his passphrase? Since he's forgotten it, I would certainly think he hasn't
decrypted any messages in a while, but I said I would ask. Thanks in
advance.

TomC


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
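
The keyspace arithmetic in the thread above, as an added example (not part of the original messages), turned around to size a passphrase against exhaustive search. The alphabet sizes (36 and 95) and the rate of 1,000,000 tries per second come from the thread; the function names and the 365.25-day year are assumptions of this example.

```python
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY  # assumption: Julian year


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passphrases of exactly `length` symbols."""
    return alphabet ** length


def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly random passphrase, in bits."""
    return length * math.log2(alphabet)


def exhaust_seconds(alphabet: int, length: int, rate: float) -> float:
    """Worst-case time to try every candidate; the expected time is half."""
    return keyspace(alphabet, length) / rate


def min_length(alphabet: int, rate: float, target_years: float) -> int:
    """Shortest length whose full keyspace takes at least `target_years`."""
    length = 1
    while exhaust_seconds(alphabet, length, rate) < target_years * SECONDS_PER_YEAR:
        length += 1
    return length


def table(rate: float = 1_000_000):
    """Rows of (alphabet, length, bits, days) for the cases in the thread."""
    cases = [(36, 8), (95, 6), (95, 7), (95, 8)]
    return [
        (a, n, entropy_bits(a, n), exhaust_seconds(a, n, rate) / SECONDS_PER_DAY)
        for a, n in cases
    ]


if __name__ == "__main__":
    for a, n, bits, days in table():
        print(f"{a:>2} symbols x {n} chars: {bits:5.1f} bits, "
              f"{days:12.1f} days ({days * SECONDS_PER_DAY / SECONDS_PER_YEAR:8.2f} years)")
    for a in (36, 95):
        print(f"{a} symbols: {min_length(a, 1_000_000, 200)} chars "
              f"needed to exceed 200 years at 1,000,000 tries/s")
```

These figures assume a uniformly random passphrase; one built from dictionary words has a far smaller effective keyspace, as the thread notes.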