Options to revoke a key
root at nicolinux.de
Mon Oct 27 20:25:11 CET 2003
>> > I still remember fragments of my passphrase. That's why I'am asking
> > > for advice how to brute force recover it.
> > Infeasibility of brute-force compromise is a goal behind the algorithms
> > used to protect the key. If it were feasible to do so, we'd want to
> > know about it so that it could be fixed (made infeasible) again.
> > As far as the software is concerned, someone who has lost their
> > passphrase is indistinguishable from someone who never knew it.
> although, if you remember pieces of it, then you do (in theory) have an
> advantage over anyone else who might try to brute-force it.... with the
> pieces that you know, and some programming, it still may not be feasible
> to crack your own password.
I thaugt of using a dictonary file (filled with the fragments that I still remember
and other common words).
The only missing part is that I don't know how to really accomplish the "cracking" task.
Running gpg --edit-key <keyid> and revoking the key where I am prompted for the
passphrase is not that practicable to put in a loop and try every combination
based of my custom dictonary....
> something else of relevance, that i found in the man page, is:
> Generate a designated revocation certificate for a key. This
> allows a user (with the permission of the keyholder) to
> revoke someone else's key.
> Add a designated revoker. This takes one optional
> argument: "sensitive". If a designated revoker is
> marked as sensitive, it will not be exported by
> default (see export-options).
> i haven't played with them, but they may be worth looking into if one has
> a trusted friend/partner who is less likely than oneself to lose the keys.
Hm - tried it. Gpg tells me that I didn't found any revocation keys for the
> conventional wisdom says you should never write down a password, but with
> reasonable precautions it might be better to have a copy you can get to.
> check out the password links (towards the bottom) that i've collected at -
> also, an expiration date on keys let's them die on their own if they're
> not maintained... i'm keeping my keys good for 12-24 months at a time...
> when the expiration date hits 12 months, i'll add another 12 months to
> them. i figure it's easier to update (or force people to update) a key
> that expires at a later date, than an earlier date.
Thanks for your advice - that's what I've done with the new key.
> PGP key - http://smasher.suspicious.org/pgp.txt
> 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
> "Fighting crime by building more jails is like
> fighting cancer by building more cemeteries."
> -- Paul Kelly
More information about the Gnupg-users