Re: What's the best way to test a long list of passphrases?

2010-10-08 Thread Reid Thompson 
On Thu, 2010-10-07 at 20:02 -0400, Robert J. Hansen wrote:
> On 10/7/2010 7:08 PM, Reid Thompson wrote:
> > given that -- split the file into 5? chunks and kick off 5? copies of
> > the script
> 
> Given the amount of time required to write a multithreaded application
> that intelligently divides up work units across cores, versus the eight
> hours for a single-threaded, single-cored version...
> 
> There's an old rule of thumb about not using more hammer than you need
> for a given nail.  Tacks get tackhammers and railroad spikes get
> sledgehammers, but it's foolish to drive tacks with sledges or spikes
> with tackhammers.
> 
> This is a tack problem.  Use a tackhammer.
> 

sorry -- my assumption was that he'd already generated the 30k entry
passphrase file

n = wc -l passphrasefile
split -l n  passphrase file -> aaa aab aac aad aae

kick off a script for each aaX

5 tackhammers

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Sven Radde 
Hi!

Am -10.01.-28163 20:59, schrieb Will McDonald:
> what's the best way for me to test my 30,000 possible
> passphrases?

No idea whether it's the best way for you, but there is a small tool
called "rephrase" which might do the job:


cu, Sven

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Reid Thompson 

 On 10/7/2010 3:25 PM, Robert J. Hansen wrote:

On 10/7/2010 11:28 AM, Will McDonald wrote:

Given that, what's the best way for me to test my 30,000 possible
passphrases?

At one per second, it'll take about nine hours.  Your fastest solution
involves spend the rest of today polishing the script, and letting it
run overnight.  Slow and stupid wins.

The smart and fast way involves doing the s2k computations yourself and
checking prospective keys one after another, but even then this will be
slow.  The s2k computation involves a lot of iterated hashing in order
to slow down brute force attempts like this.  You'll waste more time
writing code than you'll gain by a faster algorithm.

Basically, if you do things the slow and stupid way you'll be done by
morning.  If you do things the smart and fast way you might be finished
by the end of the week.  You can view this as an instance of "worse is
better."

Good luck!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

given that -- split the file into 5? chunks and kick off 5? copies of the script

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Robert J. Hansen 
On 10/7/2010 7:08 PM, Reid Thompson wrote:
> given that -- split the file into 5? chunks and kick off 5? copies of
> the script

Given the amount of time required to write a multithreaded application
that intelligently divides up work units across cores, versus the eight
hours for a single-threaded, single-cored version...

There's an old rule of thumb about not using more hammer than you need
for a given nail.  Tacks get tackhammers and railroad spikes get
sledgehammers, but it's foolish to drive tacks with sledges or spikes
with tackhammers.

This is a tack problem.  Use a tackhammer.



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Robert J. Hansen 
On 10/7/2010 11:28 AM, Will McDonald wrote:
> Given that, what's the best way for me to test my 30,000 possible
> passphrases?

At one per second, it'll take about nine hours.  Your fastest solution
involves spend the rest of today polishing the script, and letting it
run overnight.  Slow and stupid wins.

The smart and fast way involves doing the s2k computations yourself and
checking prospective keys one after another, but even then this will be
slow.  The s2k computation involves a lot of iterated hashing in order
to slow down brute force attempts like this.  You'll waste more time
writing code than you'll gain by a faster algorithm.

Basically, if you do things the slow and stupid way you'll be done by
morning.  If you do things the smart and fast way you might be finished
by the end of the week.  You can view this as an instance of "worse is
better."

Good luck!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

2010-10-07 Thread Reid Thompson 
On Thu, 2010-10-07 at 15:28 +, Will McDonald wrote:
> Hi,
> I have a GPG key to which I've forgotten the passphrase. That is, I
> remember the mnemonic I used, but not the particular set of l33tspeak
> substitutions and punctuation used, and guessing hasn't worked. It's a
> ~26 character passphrase, and since I know the options I might have
> used I was able to write a perl script to generate the 30,000 or so
> possible permutations that I might have used.
> 
> 
> Given that, what's the best way for me to test my 30,000 possible
> passphrases? I'd prefer to ask gnupg directly via some API (I'm fine
> writing a small C program if I know the relevant functions to use)
> rather than trying to script around the text ui (and it's 1-second
> delay after input).
> 
> 
> Any suggestions?
> 
> 
> -will
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

http://www.gnupg.org/related_software/libraries.en.html

see
gpgme
libgcrypt

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

What's the best way to test a long list of passphrases?

2010-10-07 Thread Will McDonald 
Hi,
I have a GPG key to which I've forgotten the passphrase. That is, I remember
the mnemonic I used, but not the particular set of l33tspeak substitutions
and punctuation used, and guessing hasn't worked. It's a ~26 character
passphrase, and since I know the options I might have used I was able to
write a perl script to generate the 30,000 or so possible permutations that
I might have used.

Given that, what's the best way for me to test my 30,000 possible
passphrases? I'd prefer to ask gnupg directly via some API (I'm fine writing
a small C program if I know the relevant functions to use) rather than
trying to script around the text ui (and it's 1-second delay after input).

Any suggestions?

-will
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users