Passphrase

David Shaw dshaw at jabberwocky.com
Wed Apr 27 20:03:22 CEST 2011


On Apr 26, 2011, at 6:38 PM, Stephen H. Dawson wrote:

> Hi,
>  
>  
> Dire need, hoping for help.
>  
> I have my private and public keys, but I have neither the passphrase nor a revocation certificate.  I need to revoke my published key.  Can you recommend a bash script to discover the passphrase using brute force on the private key?

It depends.  If you have a strong passphrase, you're pretty much out of luck.  After all, if it was easy to brute force a strong passphrase, it would defeat a lot of the point of the crypto here.

That said, frequently when someone forgets their passphrase, they half remember it.  They know it starts with such-and-such characters, or that it ends with a number, or has a hyphen in there... that sort of recollection.  For those cases, there are tools that might be useful to you, since your half memory of the passphrase reduces the search space that will need to be brute-forced.  If you can manage to remember enough of the passphrase, you might be able to use a tool like http://www.roguedaemon.net/rephrase/ to brute force the missing parts.

There is also a commercial product from Elcomsoft that claims very fast distributed brute forcing.  I haven't tried it myself.  http://www.elcomsoft.com/edpr.html

David
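
To put numbers on the point about a half-remembered passphrase, here is an added example (not part of the original message, and not code from any tool it names) that counts how many candidates a partial recollection leaves compared with a fully forgotten passphrase. The pattern syntax, the sample patterns and the guess rate are assumptions made up for this illustration.

```python
import re

# Hypothetical pattern syntax for this example only:
#   literal text      remembered exactly
#   (a|b|c)           one of the listed alternatives
#   ?d ?l ?u ?a ?p    one unknown digit / lower / upper / letter / printable ASCII
#   ?d{1,3}           between 1 and 3 unknown characters of that class
CLASSES = {"d": 10, "l": 26, "u": 26, "a": 52, "p": 95}
TOKEN = re.compile(r"\(([^()]*)\)|\?([dluap])(?:\{(\d+),(\d+)\})?|([^()?]+)")

def search_space(pattern):
    """Return how many candidate passphrases the pattern describes."""
    total, pos = 1, 0
    while pos < len(pattern):
        m = TOKEN.match(pattern, pos)
        if not m:
            raise ValueError(f"bad pattern at offset {pos}")
        alts, cls, lo, hi, _literal = m.groups()
        if alts is not None:
            # Duplicated alternatives do not add candidates.
            total *= len(set(alts.split("|")))
        elif cls is not None:
            lo, hi = (int(lo), int(hi)) if lo else (1, 1)
            if lo > hi:
                raise ValueError("length range is reversed")
            total *= sum(CLASSES[cls] ** n for n in range(lo, hi + 1))
        # A literal run is remembered exactly, so it contributes a factor of 1.
        pos = m.end()
    return total

def worst_case_seconds(pattern, guesses_per_second):
    """Time to try every candidate at an assumed guess rate."""
    return search_space(pattern) / guesses_per_second

if __name__ == "__main__":
    RATE = 1000  # assumed guesses per second; key stretching keeps real rates low
    samples = {
        "half remembered": "(C|c)orrect-horse?d{1,3}",  # constructed sample
        "fully forgotten": "?p{12,12}",                 # 12 unknown printable chars
    }
    for label, pat in samples.items():
        n = search_space(pat)
        years = worst_case_seconds(pat, RATE) / (365 * 24 * 3600)
        print(f"{label}: {n} candidates, about {years:.3g} years at {RATE}/s")
```

The same arithmetic is why a long, random passphrase that is not written down anywhere should be paired with a revocation certificate generated and stored when the key is created.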



