Re: What's the best way to test a long list of passphrases?

2010-10-08 Thread Sven Radde
Hi!

Am -10.01.-28163 20:59, schrieb Will McDonald:
 what's the best way for me to test my 30,000 possible
 passphrases?

No idea whether it's the best way for you, but there is a small tool
called rephrase which might do the job:
http://roguedaemon.net/rephrase/README.html

cu, Sven

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: What's the best way to test a long list of passphrases?

2010-10-08 Thread Reid Thompson
On Thu, 2010-10-07 at 20:02 -0400, Robert J. Hansen wrote:
 On 10/7/2010 7:08 PM, Reid Thompson wrote:
  given that -- split the file into 5? chunks and kick off 5? copies of
  the script
 
 Given the amount of time required to write a multithreaded application
 that intelligently divides up work units across cores, versus the eight
 hours for a single-threaded, single-cored version...
 
 There's an old rule of thumb about not using more hammer than you need
 for a given nail.  Tacks get tackhammers and railroad spikes get
 sledgehammers, but it's foolish to drive tacks with sledges or spikes
 with tackhammers.
 
 This is a tack problem.  Use a tackhammer.
 

sorry -- my assumption was that he'd already generated the 30k entry
passphrase file

n = wc -l passphrasefile
split -l n  passphrase file - aaa aab aac aad aae

kick off a script for each aaX

5 tackhammers

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Reid Thompson
On Thu, 2010-10-07 at 15:28 +, Will McDonald wrote:
 Hi,
 I have a GPG key to which I've forgotten the passphrase. That is, I
 remember the mnemonic I used, but not the particular set of l33tspeak
 substitutions and punctuation used, and guessing hasn't worked. It's a
 ~26 character passphrase, and since I know the options I might have
 used I was able to write a perl script to generate the 30,000 or so
 possible permutations that I might have used.
 
 
 Given that, what's the best way for me to test my 30,000 possible
 passphrases? I'd prefer to ask gnupg directly via some API (I'm fine
 writing a small C program if I know the relevant functions to use)
 rather than trying to script around the text ui (and it's 1-second
 delay after input).
 
 
 Any suggestions?
 
 
 -will
 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users

http://www.gnupg.org/related_software/libraries.en.html

see
gpgme
libgcrypt

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Robert J. Hansen
On 10/7/2010 11:28 AM, Will McDonald wrote:
 Given that, what's the best way for me to test my 30,000 possible
 passphrases?

At one per second, it'll take about nine hours.  Your fastest solution
involves spend the rest of today polishing the script, and letting it
run overnight.  Slow and stupid wins.

The smart and fast way involves doing the s2k computations yourself and
checking prospective keys one after another, but even then this will be
slow.  The s2k computation involves a lot of iterated hashing in order
to slow down brute force attempts like this.  You'll waste more time
writing code than you'll gain by a faster algorithm.

Basically, if you do things the slow and stupid way you'll be done by
morning.  If you do things the smart and fast way you might be finished
by the end of the week.  You can view this as an instance of worse is
better.

Good luck!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Robert J. Hansen
On 10/7/2010 7:08 PM, Reid Thompson wrote:
 given that -- split the file into 5? chunks and kick off 5? copies of
 the script

Given the amount of time required to write a multithreaded application
that intelligently divides up work units across cores, versus the eight
hours for a single-threaded, single-cored version...

There's an old rule of thumb about not using more hammer than you need
for a given nail.  Tacks get tackhammers and railroad spikes get
sledgehammers, but it's foolish to drive tacks with sledges or spikes
with tackhammers.

This is a tack problem.  Use a tackhammer.



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Reid Thompson

 On 10/7/2010 3:25 PM, Robert J. Hansen wrote:

On 10/7/2010 11:28 AM, Will McDonald wrote:

Given that, what's the best way for me to test my 30,000 possible
passphrases?

At one per second, it'll take about nine hours.  Your fastest solution
involves spend the rest of today polishing the script, and letting it
run overnight.  Slow and stupid wins.

The smart and fast way involves doing the s2k computations yourself and
checking prospective keys one after another, but even then this will be
slow.  The s2k computation involves a lot of iterated hashing in order
to slow down brute force attempts like this.  You'll waste more time
writing code than you'll gain by a faster algorithm.

Basically, if you do things the slow and stupid way you'll be done by
morning.  If you do things the smart and fast way you might be finished
by the end of the week.  You can view this as an instance of worse is
better.

Good luck!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

given that -- split the file into 5? chunks and kick off 5? copies of the script

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users