Lost passphrase

Ryan Malayter rmalayter@bai.org
Mon Sep 23 22:50:02 2002


From: Nick [mailto:gnupg@nick.org]=20
> Is my only option a brute-force attack on the passphrase?=20
Yes. Although if you remember anything about the structure of the
passphrase, you can make a "smarter" brute-force engine. If you can
remember enough to get the number of "tries" down to something like
2^40, you can probably crack it yourself on a PC with a brute-force
script.

> Can GnuPG be modified to ignore the passphrase?
Sure, but this would produce nonsense results. You need the passphrase
to recover the original private key. The passphrase is used (after
hashing) as the key to a symmetric encryption (usually with CAST) of the
private key. This is why your private key file is safe even when it
falls into the wrong hands.

>I just want to generate a revocation certificate=20
>for an old key that I am no longer using.
Can't do that without the private key. You do have some form of
expiration date on that key, right? My suggestion is to generate a new
key, and explain in the description that the old key is dead.=20

Regards,

Ryan Malayter
Sr. Network & Database Administrator
Bank Administration Institute
Chicago, Illinois, USA
PGP Key: http://www.malayter.com/pgp-public.txt
:::::::::::::::::::::::::::::::
Men stumble over the truth from time to time, but most pick themselves
up and hurry off as if nothing happened.
     -Sir Winston S. Churchill