Options to revoke a key
Stefan Nicolin
root at nicolinux.de
Mon Oct 27 20:25:11 CET 2003
> > > I still remember fragments of my passphrase. That's why I'm asking
> > > for advice how to brute force recover it.
> >
> > Infeasibility of brute-force compromise is a goal behind the algorithms
> > used to protect the key. If it were feasible to do so, we'd want to
> > know about it so that it could be fixed (made infeasible) again.
> >
> > As far as the software is concerned, someone who has lost their
> > passphrase is indistinguishable from someone who never knew it.
> ====================================
> although, if you remember pieces of it, then you do (in theory) have an
> advantage over anyone else who might try to brute-force it.... with the
> pieces that you know, and some programming, it still may not be feasible
> to crack your own password.
I thought of using a dictionary file (filled with the fragments that I still remember
and other common words).
The only missing part is that I don't know how to really accomplish the "cracking" task.
Running gpg --edit-key <keyid> and revoking the key where I am prompted for the
passphrase is not that practicable to put in a loop and try every combination
based on my custom dictionary....
> something else of relevance, that i found in the man page, is:
> --desig-revoke
> Generate a designated revocation certificate for a key. This
> allows a user (with the permission of the keyholder) to
> revoke someone else's key.
> and...
> addrevoker
> Add a designated revoker. This takes one optional
> argument: "sensitive". If a designated revoker is
> marked as sensitive, it will not be exported by
> default (see export-options).
>
> i haven't played with them, but they may be worth looking into if one has
> a trusted friend/partner who is less likely than oneself to lose the keys.
Hm - tried it. Gpg tells me that I didn't find any revocation keys for the
given ID.
[...]
> conventional wisdom says you should never write down a password, but with
> reasonable precautions it might be better to have a copy you can get to.
> check out the password links (towards the bottom) that i've collected at -
> http://smasher.suspicious.org/open/
>
> also, an expiration date on keys lets them die on their own if they're
> not maintained... i'm keeping my keys good for 12-24 months at a time...
> when the expiration date hits 12 months, i'll add another 12 months to
> them. i figure it's easier to update (or force people to update) a key
> that expires at a later date, than an earlier date.
Thanks for your advice - that's what I've done with the new key.
> ...atom
Stefan
> _______________________________________________
> PGP key - http://smasher.suspicious.org/pgp.txt
> 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
> -------------------------------------------------
> "Fighting crime by building more jails is like
> fighting cancer by building more cemeteries."
> -- Paul Kelly
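
The feasibility question debated in this message, as an added example that is not part of the original post: it counts how many guesses a naive enumerator needs when a passphrase is assumed to be built from remembered fragments. The fragment list, the separators, the case variants and the guess rate are all constructed assumptions; the count is an upper bound, since different combinations can spell the same string.

```python
from math import factorial, log2

def case_variants(fragment):
    """Distinct spellings assumed for one fragment: as typed, lower, upper, capitalised."""
    return {fragment, fragment.lower(), fragment.upper(), fragment.capitalize()}

def candidate_count(fragments, max_parts, separators):
    """Guesses needed to try every passphrase made of 1..max_parts distinct
    fragments, in any order, each in any case variant, with any separator
    in each gap. Assumes the fragments differ in more than letter case."""
    variants = [len(case_variants(f)) for f in set(fragments)]
    # e[k] = sum over all k-element subsets of the product of their variant
    # counts (elementary symmetric polynomial), built one fragment at a time.
    e = [1] + [0] * max_parts
    for v in variants:
        for k in range(max_parts, 0, -1):
            e[k] += e[k - 1] * v
    # k! orderings per subset, one separator choice per gap between parts.
    return sum(e[k] * factorial(k) * len(separators) ** (k - 1)
               for k in range(1, max_parts + 1))

def search_bits(count):
    """Size of the search space expressed in bits."""
    return log2(count)

def worst_case_days(count, guesses_per_second):
    """Time to exhaust the space at an assumed, fixed guess rate."""
    return count / guesses_per_second / 86400

# Constructed sample input, not taken from the thread.
FRAGMENTS = ["blue", "Harbor", "42", "tango", "winter", "Ossi"]
SEPARATORS = ["", " ", "-"]

if __name__ == "__main__":
    for parts in (3, 4, 5, 6):
        n = candidate_count(FRAGMENTS, parts, SEPARATORS)
        # 10 guesses per second is an assumed rate, not a measurement.
        print(f"up to {parts} parts: {n} guesses, {search_bits(n):.1f} bits, "
              f"{worst_case_days(n, 10):.2f} days at 10 guesses/s")
```

The totals grow factorially with the number of parts, so the advantage of remembering fragments disappears quickly once the fragment list or the assumed passphrase length is larger than in this sample.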