Best way to soft brute-force your own GPG/PGP passphrase?

Problem description

I created a nice long passphrase, used it a few times, then forgot it ;) The twist is, I know the general theme and probably almost all of the characters. The perfectionist in me doesn't want to revoke the key or anything like that (and I think I need the passphrase to revoke it anyway, right?). I feel I should be able to have a good go at this by brute-forcing the likely layouts/characters that I've got wrong/mis-typed. I wrote a C program to produce such combinations. Unfortunately I don't have the code to hand (I'll go with the "it's not relevant" excuse for now ;). I also came across some code on the web using GPGME to do exactly this as a proof-of-concept. It had the comment "this could easily be 100 times faster". Problem is, profiling the code shows the bottleneck to be the GPGME call itself. Is this expected, or is it a limitation of GPGME that could be solved using the full library or a dedicated implementation?

How would you go about doing this? Obviously this method is infeasible for any decent unknown passphrase, but I think the key is that I know what I typed without knowing the exact formatting of how I typed it - should be feasible, no?

Recommended answer

(and I think I need the passphrase to revoke it anyway, right?)

No, you need the revocation key. Which you should have generated and printed out when you created your key. Then stored it in a safe place, not where someone could use it to revoke your key when you don't want them to.

I've tried to brute-force passwords that I almost remembered, but without success. There are still a lot of permutations, and it takes a lot of rules on what can come after what to narrow it down to a reasonable problem size. I never tried too hard on this, since I luckily have never forgotten my GPG passphrase. Mostly when I've forgotten a password it's a login to a remote machine at the university, and I've never wanted to hammer on the ssh port, or webmail, with my guesses.

Maybe the function you're calling does a lot of setup that is non-key-dependent? So you could speed it up by copying the code out of the library and putting your brute-force loop later on in it.
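On the question of where the time per try goes, an added example (not from the question, the answer, or GPGME): OpenPGP (RFC 4880, section 3.7.1.3) derives the key that unlocks a secret key from the passphrase with the iterated and salted S2K function, so this part of each try depends on the passphrase by design and cannot be hoisted out of a loop. The sketch assumes SHA-1 and a 16-byte key; the salt, the guesses and the helper names are constructed for illustration.

```python
import hashlib
import time

def decode_count(c: int) -> int:
    """RFC 4880 3.7.1.3: expand the one-octet coded count into an octet count."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, c: int,
                        key_len: int = 16, hash_name: str = "sha1") -> bytes:
    """Derive key_len bytes by hashing salt+passphrase repeatedly (S2K type 3)."""
    data = salt + passphrase
    count = max(decode_count(c), len(data))   # data is always hashed at least once
    full, rem = divmod(count, len(data))
    key, preload = b"", 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)           # extra contexts are preloaded with zero octets
        for _ in range(full):
            h.update(data)
        h.update(data[:rem])
        key += h.digest()
        preload += 1
    return key[:key_len]

def seconds_per_guess(c: int, trials: int = 5) -> float:
    """Measure the key-derivation cost of one passphrase guess at coded count c."""
    salt = bytes(range(8))                    # constructed sample salt
    start = time.perf_counter()
    for i in range(trials):
        s2k_iterated_salted(b"constructed guess %d" % i, salt, c)
    return (time.perf_counter() - start) / trials

def hours_to_try(candidates: int, per_guess: float) -> float:
    """Wall-clock hours needed to derive a key for every candidate."""
    return candidates * per_guess / 3600.0

if __name__ == "__main__":
    for c in (96, 255):                       # 65536 and 65011712 octets hashed
        t = seconds_per_guess(c, trials=2)
        print(f"c={c}: {decode_count(c)} octets, {t:.4f} s/guess, "
              f"{hours_to_try(10**6, t):.1f} h for 10^6 candidates")
```

The coded count is stored with the protected key, so the cost per guess is fixed by how the key was saved, not by the tool used to test guesses.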
