Realos wrote:
> What would you suggest in this case? A brute force attack with some
> software if I know part of the password? What tool is suitable for that?

There isn't any software that I know of to brute-force a GnuPG password. You could probably whip up something quick and dirty using GnuPG's password checking code, but to be honest and as much as it probably annoys you, I think the best thing to do is just admit that you've got to replace your key.

I did the same thing with my first key. I learned the hard way that one should have produced a revocation certificate. This is something I'd like to see GnuPG offer to generate by default for any new keys.

Another option, so you don't have to hold multiple revocation certificates in a safe place, is to create a key for the sole use of using it as a revoking key. You add that key as a revoker to any new keys you produce, and don't use the revoker key for anything else. You can then store the revoker key without a passphrase, or with a very easy to remember one like your birthday. If someone gets their hands on your revoker key, all the damage they can do to you is to issue revocation certificates, which (for most people) is merely annoying rather than actually dangerous.

Even better is to get yourself a few OpenPGP smartcards. Use one as your primary use key, and another as a backup. The backup is set up as a revoker for the primary one. If you lose your primary, or it is stolen, you can use the backup to revoke the key on your primary, and then use that key as your new primary one. Then you just order a new card to act as a backup and when it comes, set it up as a backup with the ability to revoke your new primary key.

Sorry about your original key - it's a pain, I know.

Kurt.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
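
The dedicated revoker key described in the message above, as an added example that is not part of the original post: it appoints a passphrase-less key as designated revoker of a second key and confirms the appointment from the key listing. It assumes GnuPG 2.1 or later; the user IDs and the function names are constructed for illustration, and everything happens in a throwaway `GNUPGHOME`.

```shell
#!/bin/sh
# Added example: appoint a dedicated revoker key inside a throwaway keyring.
# User IDs are constructed; your real ~/.gnupg is never touched.

fpr_of() {  # print the primary-key fingerprint for a user ID
  gpg --batch --with-colons --list-keys "$1" |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

new_key() {  # generate a key with an empty passphrase that never expires
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$1" default default never
}

demo_designated_revoker() {
  GNUPGHOME=$(mktemp -d) || return 1
  export GNUPGHOME
  chmod 700 "$GNUPGHOME"

  new_key 'Revoker Only <revoker@example.invalid>' || return 1
  new_key 'Daily Use <daily@example.invalid>' || return 1
  rev=$(fpr_of revoker@example.invalid)
  main=$(fpr_of daily@example.invalid)

  # Scripted answers for --edit-key: the addrevoker command, the revoker's
  # fingerprint, the "are you sure" confirmation, then save.
  printf 'addrevoker\n%s\ny\nsave\n' "$rev" |
    gpg --batch --quiet --command-fd 0 --pinentry-mode loopback \
        --passphrase '' --edit-key "$main" || return 1

  # An "rvk" record on the daily-use key names its revoker in field 10.
  got=$(gpg --batch --with-colons --list-keys "$main" |
          awk -F: '$1 == "rvk" { print $10; exit }')

  gpgconf --kill gpg-agent
  rm -rf "$GNUPGHOME"
  unset GNUPGHOME

  # Succeed only if the recorded revoker is the key we appointed.
  [ -n "$got" ] && [ "$got" = "$rev" ] && echo "$got"
}
```

Calling `demo_designated_revoker` prints the revoker's fingerprint once the appointment is recorded. The designation is stored in a signature on the daily-use public key, so that key has to be re-exported and redistributed for others to honour revocations issued by the revoker key.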