Re: What's the best way to test a long list of passphrases?
Hi! Am -10.01.-28163 20:59, schrieb Will McDonald: what's the best way for me to test my 30,000 possible passphrases? No idea whether it's the best way for you, but there is a small tool called rephrase which might do the job: http://roguedaemon.net/rephrase/README.html cu, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What's the best way to test a long list of passphrases?
On Thu, 2010-10-07 at 20:02 -0400, Robert J. Hansen wrote: On 10/7/2010 7:08 PM, Reid Thompson wrote: given that -- split the file into 5? chunks and kick off 5? copies of the script Given the amount of time required to write a multithreaded application that intelligently divides up work units across cores, versus the eight hours for a single-threaded, single-cored version... There's an old rule of thumb about not using more hammer than you need for a given nail. Tacks get tackhammers and railroad spikes get sledgehammers, but it's foolish to drive tacks with sledges or spikes with tackhammers. This is a tack problem. Use a tackhammer. sorry -- my assumption was that he'd already generated the 30k entry passphrase file n = wc -l passphrasefile split -l n passphrase file - aaa aab aac aad aae kick off a script for each aaX 5 tackhammers ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What's the best way to test a long list of passphrases?
On Thu, 2010-10-07 at 15:28 +, Will McDonald wrote: Hi, I have a GPG key to which I've forgotten the passphrase. That is, I remember the mnemonic I used, but not the particular set of l33tspeak substitutions and punctuation used, and guessing hasn't worked. It's a ~26 character passphrase, and since I know the options I might have used I was able to write a perl script to generate the 30,000 or so possible permutations that I might have used. Given that, what's the best way for me to test my 30,000 possible passphrases? I'd prefer to ask gnupg directly via some API (I'm fine writing a small C program if I know the relevant functions to use) rather than trying to script around the text ui (and it's 1-second delay after input). Any suggestions? -will ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users http://www.gnupg.org/related_software/libraries.en.html see gpgme libgcrypt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What's the best way to test a long list of passphrases?
On 10/7/2010 11:28 AM, Will McDonald wrote: Given that, what's the best way for me to test my 30,000 possible passphrases? At one per second, it'll take about nine hours. Your fastest solution involves spend the rest of today polishing the script, and letting it run overnight. Slow and stupid wins. The smart and fast way involves doing the s2k computations yourself and checking prospective keys one after another, but even then this will be slow. The s2k computation involves a lot of iterated hashing in order to slow down brute force attempts like this. You'll waste more time writing code than you'll gain by a faster algorithm. Basically, if you do things the slow and stupid way you'll be done by morning. If you do things the smart and fast way you might be finished by the end of the week. You can view this as an instance of worse is better. Good luck! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What's the best way to test a long list of passphrases?
On 10/7/2010 7:08 PM, Reid Thompson wrote: given that -- split the file into 5? chunks and kick off 5? copies of the script Given the amount of time required to write a multithreaded application that intelligently divides up work units across cores, versus the eight hours for a single-threaded, single-cored version... There's an old rule of thumb about not using more hammer than you need for a given nail. Tacks get tackhammers and railroad spikes get sledgehammers, but it's foolish to drive tacks with sledges or spikes with tackhammers. This is a tack problem. Use a tackhammer. smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What's the best way to test a long list of passphrases?
On 10/7/2010 3:25 PM, Robert J. Hansen wrote: On 10/7/2010 11:28 AM, Will McDonald wrote: Given that, what's the best way for me to test my 30,000 possible passphrases? At one per second, it'll take about nine hours. Your fastest solution involves spend the rest of today polishing the script, and letting it run overnight. Slow and stupid wins. The smart and fast way involves doing the s2k computations yourself and checking prospective keys one after another, but even then this will be slow. The s2k computation involves a lot of iterated hashing in order to slow down brute force attempts like this. You'll waste more time writing code than you'll gain by a faster algorithm. Basically, if you do things the slow and stupid way you'll be done by morning. If you do things the smart and fast way you might be finished by the end of the week. You can view this as an instance of worse is better. Good luck! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users given that -- split the file into 5? chunks and kick off 5? copies of the script ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users