Dean Earley said the following on 03/02/08 15:32:
> Chris Oattes wrote:
>> Dean Earley said the following on 03/02/08 11:26:
>>> Hi all.
>>>
>>> After Hugo's talk yesterday, I decided to see if I could find my old
>>> PGP details.
>>> Unfortunately, it appears I set a passphrase when I created it 7
>>> years ago.
>>> Numerous sites say it needs to be bruteforced, but don;t say how.
>>> Has anyone come across a script to brute force a passphrase?
>>>
>>> Unfortunately, I can't even revoke it without the phrase :|
>>
>> The thing is, passphrases are meant to make it so that anyone who
>> obtains your private key can't use it without knowing the passphrase.
>> If they were "easy" to break, there wouldn't be any point in using
>> them, as anyone that got the key could break it just as easily using
>> the same brute force method. This would make PGP signifcantly less
>> secure.
>
> I know, but it CAN still be brute forced.
> I just haven;t found anything to do it yet :)
>
You CAN calculate the quadrillionth bit of Pi
(
http://en.wikipedia.org/wiki/PiHex), but unless you have an awful lot
of spare processing cycles, I wouldn't like to try it.
With computers there is a big difference between problems you
theoretically can solve and problems that you can actually solve in a
reasonable amount of time (where reasonable is, say, within your lifetime).
For more information:
http://www.iusmentis.com/security/passphrasefaq/attackers/
Chris.
