Re: [Hampshire] GPG passphrase brute forcing

Top Page
This message is part of the following thread:
M-+--\the complete thread tree sorted by date
M\M..MAdam Trickett at <-
MMM+\Dean Earley at ->

Reply to this message
Author: Chris Oattes
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] GPG passphrase brute forcing
Dean Earley said the following on 03/02/08 11:26:
> Hi all.
>
> After Hugo's talk yesterday, I decided to see if I could find my old PGP
> details.
> Unfortunately, it appears I set a passphrase when I created it 7 years ago.
> Numerous sites say it needs to be bruteforced, but don;t say how.
> Has anyone come across a script to brute force a passphrase?
>
> Unfortunately, I can't even revoke it without the phrase :|
>
> Thanks.
>

The thing is, passphrases are meant to make it so that anyone who
obtains your private key can't use it without knowing the passphrase. If
they were "easy" to break, there wouldn't be any point in using them, as
anyone that got the key could break it just as easily using the same
brute force method. This would make PGP signifcantly less secure.

Chris Oattes.



This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] GPG passphrase brute forcingRe: [Hampshire] GPG passphrase brute forcing->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)