Russell Coker wrote:
On Friday 17 December 2004 08:19, Paul Iadonisi <pri.rhl3@xxxxxxxxxxx> wrote:
Maybe the new dual Opteron box I just ordered can crack the passwords for both our keys. ;-)
I wrote a program to crack keys with a hacked version of gpg (at the point in the code where it asks for the pass-phrase my code inserted a loop to go through the passwords). It's ugly but with the recent versions of gpg it works reasonably well (I discovered a memory leak whereby gpg would lose a couple of hundred bytes every attempt at a pass-phrase).
The program could try over 600 combinations a second on a 2-3yo Athlon giving almost 5 digits tested per day if you only use lower-case and digits. This means that a pass-phrase of 6 characters comprising lower-case and digits could be reliably cracked in just over a month. 7 characters could be done in 3 years with an old Athlon or maybe some reasonable amount of time in a dual-Opteron. 8 or more characters would require a large network of machines.
Let me know if you want a copy of my code, but be warned, it's really ugly. Also it might be possible to optimise things and maybe double the speed if you can figure out GPG memory management (I can't).
1) Thanks, but I finally remembered my password 2) This is worry some, so a passphrase really should be 8 chars minimal?
Regards,
Hans
