Bugtraq mailing list archives
PGP secret keys (was Re: Dell BIOS DoS)
From: Matthew Wakeling <mnw21-bugtraq () jumpleads com>
Date: Thu, 11 Dec 2003 23:22:09 +0000 (GMT)
On Wed, 10 Dec 2003, Thor wrote:
> Is a weak passphrase more easily exploited with the presence of the key ring vs direct attack against the encrypted data? Stuff like that... Anyone have any insight?
Well, a few weeks ago, I forgot my PGP secret key passphrase. I'm not the best C programmer in the world (my job is programming in Java), but it didn't take me very long to extend GnuPG to do parallelised passphrase cracking. With the job spread between 14 multi-GHz CPUs in various machines, it was capable of about 10,000 passphrases per second (ie. slow, and I didn't see much leeway in the code for improvement).

The system didn't need any encrypted text - it was purely a crack against the secret key encryption. By using special knowledge that I had about the nature of the passphrase (how many characters, what approximate characters it used and where), I calculated that it would take about a day to find the passphrase. And then I remembered that I had changed it to something else, which my cracking program would never have found in a hundred years. Oh well. At least I remembered the passphrase.

To answer your question, the weakest part of the PGP encryption system is the passphrase. Having access to the secret key file reduces the difficulty of cracking encrypted text from what computer scientists term "difficult" to merely "computationally intensive", depending on the passphrase that you have.

Matthew

--
"Argue not with dragons, for thou art crunchy and go well with brie."
                                                        -- Unknown