revoke key with forgotten passphrase from keyservers

dAniel hAhler genml at thequod.de
Tue Feb 24 21:59:41 CET 2004


Hello gnupg-users,

I've once forgotten the passphrase of a PGP key and created a new one.
Unfortunately I just realized that I've uploaded this old key to a
keyserver and no expiration date is set.

So, I'm looking for a way to retain the passphrase by doing a
dictionary attack with combinations of words/parts that I could remember.

I found pgpcrack, but it does not run on WinXP and though I got the
source I did not manage to compile it in cygwin, so I look in general
for information on what to do.

Is the pgpcrack way a good starting point? should I try harder to
compile it?

.-----[ pgpcrack-readme ]-----
|
| Secret key cracking works quite a bit differently.  After the
| passphrase is hashed, the IV and each encrypted MPI are decrypted in
| IDEA-CFB mode.  Then a simple checksum is calculated over the
| plaintext of each MPI (the checksum is not calculated over N and E).
| The checksum calculation includes the length fields of each MPI.  The
| checksum algorithm consists of a running addition of every byte.  The
| output is a 16-bit integer.  The output is then compared with the
| unencrypted checksum stored in the secret key file.
|
'-------------------

Or is it better to use gpg and a script that passes the
variations/combinations of passphrases I want to try and check for
successful execution. Thought about using
----->8--------------------------------------------------------
gpg -u 45FDCE5B --passphrase-fd 0 --sign text.txt < filepassphrase
----->8--------------------------------------------------------
but that seems not to be very performant.

I think it would be futile to write to keyserver admins and please them
to remove the key (though it has my domain as email address), isn't it?

Hope that you can help..


-- 
shinE!
http://www.thequod.de ICQ#152282665
GnuPG/PGP key: http://thequod.de/danielhahler.asc




More information about the Gnupg-users mailing list