Good (PGP) passphrase cracker?

Good (PGP) passphrase cracker?

Post by ATRU » Wed, 18 Jun 2003 13:24:32



(alt.security.scramdisk included for the crypto expertise there).

Hopefully, this question isn't quite as stupid as it might sound.

I have a key which I've not used for a long time, and I've forgotten the
passphrase.
It's a pretty strong passphrase, long with no real words on anything. So
cracking it by
a conventional simple cracker would be pretty darn hopeless.

However, I'm pretty sure that I'm *very close* to remembering what it was,
maybe
only a character or so off.

Is there a sophisticated PGP passphrase cracker that would let me enter
what
I think my passphrase was, and--within parameters and  bounds that I could
specify, would run various permutations on that passphrase?  I'm thinking
that this program would allow me to tell it to accept which parts (here,
most) of
the passphrase to accept "as is", while the program "experimented" with
relatively small segments of it that I predefined . I would think that
being able
to approach the problem this way would allow me to recover my passphrase.

I'm thinking "no" from my web searches, but it's always worthwhile to ask

 
 
 

Good (PGP) passphrase cracker?

Post by Gamma300 » Thu, 19 Jun 2003 05:05:04



Quote:> (alt.security.scramdisk included for the crypto expertise there).

> Hopefully, this question isn't quite as stupid as it might sound.

> I have a key which I've not used for a long time, and I've forgotten the
> passphrase.
> It's a pretty strong passphrase, long with no real words on anything. So
> cracking it by
> a conventional simple cracker would be pretty darn hopeless.

> However, I'm pretty sure that I'm *very close* to remembering what it was,
> maybe
> only a character or so off.

> Is there a sophisticated PGP passphrase cracker that would let me enter
> what
> I think my passphrase was, and--within parameters and  bounds that I could
> specify, would run various permutations on that passphrase?  I'm thinking
> that this program would allow me to tell it to accept which parts (here,
> most) of
> the passphrase to accept "as is", while the program "experimented" with
> relatively small segments of it that I predefined . I would think that
> being able
> to approach the problem this way would allow me to recover my passphrase.

> I'm thinking "no" from my web searches, but it's always worthwhile to ask

I'd say no, it's too specific and unusual a request for anyone to have
developed a program for it, I would have thought.
However, it may be possible to write your own program for it... PGP is all
open source.

 
 
 

Good (PGP) passphrase cracker?

Post by Gre » Thu, 19 Jun 2003 05:12:31



> Is there a sophisticated PGP passphrase cracker that would let me enter
> what
> I think my passphrase was, and--within parameters and  bounds that I could
> specify, would run various permutations on that passphrase?  

If you could crack PGP passphrases how secure could PGP be?!

If you don't know the passphrase you are pretty much SOL.

 
 
 

Good (PGP) passphrase cracker?

Post by Frod » Thu, 19 Jun 2003 05:19:08


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>> Is there a sophisticated PGP passphrase cracker that would let me enter
>> what
>> I think my passphrase was, and--within parameters and  bounds that I
>> could
>> specify, would run various permutations on that passphrase?
> If you could crack PGP passphrases how secure could PGP be?!
> If you don't know the passphrase you are pretty much SOL.

He's not asking to break a XX char password. He's asking to break a XX char
password where he's pretty sure he remembers XX-1 of the characters.

Within the parameters he set it should be perfectly possible to brute force
the remainder of the password. Assuming he actually does remember the
majority of it as well as he thinks.

- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPu93uuXlGBWTt1afEQKAnwCfay7+cnS2ujoovLGzH9nee35lXKsAnjCN
t5oQJdwTQ6v6/6K0MQY+wc8b
=RTxu
-----END PGP SIGNATURE-----

 
 
 

Good (PGP) passphrase cracker?

Post by Robert Engelhard » Thu, 19 Jun 2003 06:37:23



> I have a key which I've not used for a long time, and I've
> forgotten the passphrase. It's a pretty strong passphrase, long
> with no real words on anything. So cracking it by a conventional
> simple cracker would be pretty darn hopeless.

I had exactly the same problem some time ago :-(. Unfortunately, I
couldn't remember the passphrase of one of my keys (and it was a strong
one), and even my brute force attack on it (I tried over 20 million
different combinations) did not lead to success...

Quote:> Is there a sophisticated PGP passphrase cracker that would let me
> enter what I think my passphrase was, and--within parameters and
> bounds that I could specify, would run various permutations on
> that passphrase?  I'm thinking that this program would allow me to
> tell it to accept which parts (here, most) of the passphrase to
> accept "as is", while the program "experimented" with relatively
> small segments of it that I predefined. I would think that being
> able to approach the problem this way would allow me to recover my
> passphrase.

This is too specific, I guess such a program does not exist. There is
however a tool you could use which wants the possible passwords in a
'dictionary'. I wrote a program to generate that dictionary (it's
simply a big textfile with a possible passphrase in each line) and then
feed both, the dictionary and the secret keyring, to the tool. It is
rather slow, and my dictionary was at least 800 MB big (as I said, I
tried a lot of possible passphrases). But in your case it will be
faster I think, and allow you to recover your passphrase.

Quote:> I'm thinking "no" from my web searches, but it's always worthwhile
> to ask

Just google for "pgppass.zip". For example, you could download it from
http://ftp.vc-graz.ac.at/mirror/crypto/pgp/pgp_unsorted/
Hope this helps,

Robert Engelhardt

 
 
 

Good (PGP) passphrase cracker?

Post by Paul Rubi » Thu, 19 Jun 2003 06:48:12


I got in sort of an analogous situation a while back.  The simplest
solution was to hack up the passphrase reading part of GPG to try
passphrases generated by an algorithm, instead of reading them from a
keyboard.  It wasn't blindingly obvious how to do the mod but as I
remember it took about half an hour to put in the change and run it.
 
 
 

Good (PGP) passphrase cracker?

Post by Jason Ti » Thu, 19 Jun 2003 07:56:41


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| If you could crack PGP passphrases how secure could PGP be?!

Extremely Secure!

You need a private key too! (Which would take millions of years to recreate)

A passphrase alone is worthless!

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPu+cpsfsqVOt5QlRAQLSqw//WK+lhiGM4lSuIMWX/MAlbloYjaQt2eCf
ObmzlW9Fuw1h1LEZEx5OSQ3HLrCM2qmNAs1GUG+LfARHWa9d/ytz+o2wiivYoJiS
UyQqUvI5+HPGEB6iigJPC63Z7HAdgs4sECjuXEaGdHHb2mc2QicyPqEC4K4rOE6e
TZ8ovTu6UFcgFQNSjtYdAEZkqP67ltg0kC/WOt5bDtoH9qQ/fpw7JT5DNMjjiYnE
K1R094NADLHhx2TZli+KYKWdKK3m0UbSKrBiaWPu2RSD05DPsPZ8QjEqFRSuPtDL
aSyl8aUfOxPD9m87DbSAg/CIBtMT0mISNG7MSpej2d+CABgbKF7YzFlV/A0iqz8m
5a50tJDcGMVzfFodRgsA12IEwSJARachHf6rSHDUG+R0nmzv8I4Qn4iaXAwAHas0
EVO0kAH8N6VDdtoeoTFmwnVCuCJ5HNnGcGVxWobrQjoSUEHes7Irhb/eQvuhYbWZ
ha0W51XWatqffnuWLm6QUDwbINXS8g6XXNet1e6GbdVfbWMpXD5R/nKn8NUf6AHl
sXjPaink8nWIVoHqcZVhcE/rBNBJS+FS1BTGtSdzflD2klXr4DgSRoPaqDpjeHyE
qLnaZWeHtxRlcDjOkqc+4ZcYAOq0rggmDA1R/GgTE9C5UBXTzE80gr64TN8/9Nb/
CVU94nd6kfY=
=F/3M
-----END PGP SIGNATURE-----

 
 
 

Good (PGP) passphrase cracker?

Post by Gamma300 » Thu, 19 Jun 2003 17:28:03




Quote:

> > Is there a sophisticated PGP passphrase cracker that would let me enter
> > what
> > I think my passphrase was, and--within parameters and  bounds that I
could
> > specify, would run various permutations on that passphrase?

> If you could crack PGP passphrases how secure could PGP be?!

> If you don't know the passphrase you are pretty much SOL.

Not true. PGP is very secure, unless the hacker gets a hold on your private
key, in which case it all hinges on whether (s)he can get a hold on the
passphrase. And would it not be fairly easy to write a batch file to test
passphrases in sequence? There's a passphrase FAQ out there somewhere (try
googling) that discusses the required length of passphrase to ensure that
the passphrase is stronger than all the other parts of the encryption
process; a sword is only as strong as its weakest point.

-----BEGIN GEEK CODE BLOCK------
Version 3.12

Y+(++) PGP++ t+ 5 X R(+) tv(-) b+(+++) DI++++ D G e-(*) h!>--- r++
z+>+++
------END GEEK CODE BLOCK------

 
 
 

Good (PGP) passphrase cracker?

Post by d.. » Thu, 19 Jun 2003 20:14:44


On Wed, 18 Jun 2003 09:28:03 +0100, "Gamma3000"






>> > Is there a sophisticated PGP passphrase cracker that would let me enter
>> > what
>> > I think my passphrase was, and--within parameters and  bounds that I
>could
>> > specify, would run various permutations on that passphrase?

>> If you could crack PGP passphrases how secure could PGP be?!

>> If you don't know the passphrase you are pretty much SOL.

>Not true. PGP is very secure, unless the hacker gets a hold on your private
>key, in which case it all hinges on whether (s)he can get a hold on the
>passphrase. And would it not be fairly easy to write a batch file to test
>passphrases in sequence? There's a passphrase FAQ out there somewhere (try
>googling) that discusses the required length of passphrase to ensure that
>the passphrase is stronger than all the other parts of the encryption
>process; a sword is only as strong as its weakest point.

>-----BEGIN GEEK CODE BLOCK------
>Version 3.12

>Y+(++) PGP++ t+ 5 X R(+) tv(-) b+(+++) DI++++ D G e-(*) h!>--- r++
>z+>+++
>------END GEEK CODE BLOCK------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=PGP+passphrase+
FAQ&btnG=Google+Search

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com

iQA/AwUBPvBJpTPsxViTWCDmEQJz1QCg4pCZrqjtncdC57iZONWrG+CscicAoLnl
ha1zBvjaDb2n0SjU6YLMcnLA
=F8Lf
-----END PGP SIGNATURE-----

 
 
 

Good (PGP) passphrase cracker?

Post by e-hea » Fri, 20 Jun 2003 04:56:41


actually, the command line pgp allows you to specify a password in the
command line.
i have bash/cygwin scripts that auto-backup and encrypt my data for me which
use this.
(of course the scripts are on an encrypted partition for those of you
laughing at me right now %^)

if you are willing to learn some bash and/or perl, and willing to take a
couple of weeks spare time on the project,
i would recommend installing cygwin ( a unix/linux sublayer for windows )
and start piddling with bash scripting
and perl. you would be surprised how far you can go in a relatively short
period of time.


Quote:> (alt.security.scramdisk included for the crypto expertise there).

> Hopefully, this question isn't quite as stupid as it might sound.

> I have a key which I've not used for a long time, and I've forgotten the
> passphrase.
> It's a pretty strong passphrase, long with no real words on anything. So
> cracking it by
> a conventional simple cracker would be pretty darn hopeless.

> However, I'm pretty sure that I'm *very close* to remembering what it was,
> maybe
> only a character or so off.

> Is there a sophisticated PGP passphrase cracker that would let me enter
> what
> I think my passphrase was, and--within parameters and  bounds that I could
> specify, would run various permutations on that passphrase?  I'm thinking
> that this program would allow me to tell it to accept which parts (here,
> most) of
> the passphrase to accept "as is", while the program "experimented" with
> relatively small segments of it that I predefined . I would think that
> being able
> to approach the problem this way would allow me to recover my passphrase.

> I'm thinking "no" from my web searches, but it's always worthwhile to ask

 
 
 

Good (PGP) passphrase cracker?

Post by John Ashcro » Fri, 20 Jun 2003 09:57:41


Quote:>Is there a sophisticated PGP passphrase cracker that would let me enter
>what I think my passphrase was, and--within parameters and  bounds that
>I could specify,

I've got a real good one I use every day, but you can't use it because
it's busy being used to subvert the 4th Amendment.

-John Ashcroft

--
Questo messaggio e' stato inoltrato automaticamente
da un paio di Anonymous Remailer. Il mittente originale
e' sconosciuto e non identificabile. Datevi pace.

 
 
 

Good (PGP) passphrase cracker?

Post by David Ros » Sun, 22 Jun 2003 10:05:21


I would hope not.  

--

David E. Ross
<http://www.rossde.com/>  

Concerned about someone snooping into your E-mail?
Use PGP.  See my <http://www.rossde.com/PGP/>

 
 
 

Good (PGP) passphrase cracker?

Post by Jason Ti » Sun, 22 Jun 2003 12:39:42


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| I would hope not.

Does this mean that you hand out your private key to anyone
who asks?

Why else would you be so worried about passphrase crackers
which already exist and are easily accessible?

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPvPTecfsqVOt5QlRAQJz4Q/8CLEEGwho1OxPbXyJN2xiBW+wZjAYBifp
yoyJbiLOJTDA5ljF3LAf0qiHC9IdvaHfg+OcmkrPHXihYFnsyqN6WHeTyIyYUQWM
vWEQdMgIQdrK15plYx6vLIGVHBoOJUK42Clk3yOQoKqgwddrXhJUW2uoUQm4ZDsY
6QNhMfF1ukhoz1WnsWxGxHbX8bJZeBVMBMBnCQ/Rld5YwgG1n4Z1J75dcYOCqwiB
G8qC0mYNB7gVhlarl2pvLtE3Ry8B2mA53/kthtWArvBHKhmArxYe9+QT4h1jApdT
SsXihdBdCEJE+uUPPz4S1PJvsd7Cgzs0SI4ilijw+tzem8KwRfXkJKdbKH1HKhsV
yIXSkU2rIBY7YyAjcJDC0Cb6yA9GtcsINgc+xvCxwZEYskbEI7K5XsCo8N58pchp
qSax5PnDfjd4zHm/v5iuCXM3w3LrPzePdR5+2BRZPincIaPaFKlf5yJoQYHgyxXa
OqcTcsJ1uOEZAj7jMpVc8hyi86UpB1otpVq3Bl57t8KGG4ow8FDrF6OIKGQIFtfh
gY6JRUPero3291m8WeE4+wcyeLJlZj3/7/nNQvIkA7ZIbyu6/JzNg869Sm1xVkmm
M9f9SVvu8LQVJNQPLtfQqG0dh8o7P2xDVbzWxbud4R4DQEzqxiqDi/aZUPGH5uxr
Rro+c+PixZs=
=HdY5
-----END PGP SIGNATURE-----

 
 
 

Good (PGP) passphrase cracker?

Post by Gamma300 » Sun, 22 Jun 2003 18:31:32



Quote:> I would hope not.

There are command line versions of PGP. The whole thing is open source.
_Anyone_ with a bit of programming knowhow could write a batch file to test
passwords on the command line version, or alter one of the open source
versions to test passwords. Do not just assume that there is no passphrase
cracker out there, make sure that you select a passphrase that is good
enough to withstand cracking.