Newbie pgp question
Hi guys,

I've got a question - maybe it is a FAQ, then please point me. I need - well, it sounds funny - to crack PGP-encrypted text ;) I have secring.pgp but not the keyphrase - does it make things easier or not? I also have pgpcrack99.zip (DOS-version, zip means that I unzipped it for the 1st time :) But I guess it will take megahours with big dictionary - and it will cover only single words, not sentences. Please, can somebody introduce me a little?

TIA

PS. I also know a few words in that file, maybe even phrases.

--
*******************************************
Mike Blazer
blazer@mail.nevalink.ru
*******************************************
At 04:58 AM 3/2/98 +0300, Mike wrote:
I need - well, it sounds funny - to crack PGP-encrypted text ;) I have secring.pgp but not the keyphrase - does it make things easier or not? I also have pgpcrack99.zip (DOS-version, zip means that I unzipped it for the 1st time :) But I guess it will take megahours with big dictionary - and it will cover only single words, not sentences. Please, can somebody introduce me a little?
Remember how PGP works: PGP picks a random session key, and encrypts it with the public key of the recipient (using RSA or a Diffie-Hellman version), and encrypts the message with the session key. The recipient's private key is encrypted with the passphrase for the private key and stored in secring.pgp. When the recipient wants to decrypt the message, they type their passphrase into PGP, which decrypts the private key from the secring and uses it to decrypt the session key from the message, and uses the session key to decrypt the message body.

The session key is long, and you won't crack it. RSA depends on factoring big numbers, and if the user has a 512-bit public key or a longer public key _you_ won't be able to crack it. (The KGB might*, and a distributed internet crack might, but you won't.)

But the passphrase for decrypting the private key from the secring file is picked by the user - some users use short stupid keys, and other users use long difficult keys, and short stupid keys can be cracked. The user needs to protect their secring file, to prevent this attack, but if you have their secring, you can try to crack it.

If this is your _own_ secring, and you can't remember your passphrase, it's easier, because you probably know what words you use in passphrases, so your dictionary can be short and the crack can be fast. If you stole somebody else's secring, or somebody else stole yours, then you have to guess what kind of dictionary to use.

This only works for the recipient's secring - if you steal the sender's secring, even if you crack their passphrase, it doesn't help, because that's only used when somebody sends them messages, or when they sign messages (and now you can forge them.)

*I assume you're not the KGB or Mafia, because then you would just beat up the guy until he gives you the passphrase.

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
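The key hierarchy described in the reply above (passphrase, then private key, then session key, then message), as an added sketch that is not part of the original thread and is not PGP's own code. It assumes a toy RSA modulus built from two Mersenne primes, a SHA-256 keystream in place of PGP's symmetric cipher, and PBKDF2 in place of PGP's passphrase-to-key step; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy RSA key from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # D is the private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def passphrase_keys(passphrase: str, salt: bytes):
    # Assumption: PBKDF2 stands in for the keyring's passphrase-to-key step.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]                      # encryption key, integrity key

def make_secring(passphrase: str) -> dict:
    """Store the private exponent encrypted under passphrase-derived keys."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = passphrase_keys(passphrase, salt)
    blob = keystream_xor(enc_key, D.to_bytes(16, "big"))
    return {"salt": salt, "blob": blob, "tag": hmac.new(mac_key, blob, "sha256").digest()}

def unlock_secring(secring: dict, passphrase: str) -> int:
    enc_key, mac_key = passphrase_keys(passphrase, secring["salt"])
    tag = hmac.new(mac_key, secring["blob"], "sha256").digest()
    if not hmac.compare_digest(tag, secring["tag"]):
        raise ValueError("wrong passphrase")
    return int.from_bytes(keystream_xor(enc_key, secring["blob"]), "big")

def encrypt(message: bytes) -> dict:
    """Sender side: uses only the recipient's public key (N, E)."""
    session = secrets.token_bytes(8)           # fresh random session key per message
    wrapped = pow(int.from_bytes(session, "big"), E, N)
    return {"wrapped": wrapped, "body": keystream_xor(session, message)}

def decrypt(packet: dict, secring: dict, passphrase: str) -> bytes:
    d = unlock_secring(secring, passphrase)    # passphrase unlocks the private key
    session = pow(packet["wrapped"], d, N).to_bytes(8, "big")  # private key unwraps session key
    return keystream_xor(session, packet["body"])              # session key decrypts the body
```

The passphrase is the only part of this chain chosen by a person, so the stored keyring is exactly as strong as that passphrase; the session key and the private key are never typed or remembered.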
Bill Stewart wrote:

Thanks Bill for very good explanation.
*I assume you're not the KGB or Mafia, because then you would just beat up the guy until he gives you the passphrase.
O-o! You are well informed in what is going on! The "guy" is in fact pretty girl - one man's secretary, so those methods are not for this case. But maybe I'd better brute force her instead of her secring? :)

--
*******************************************
Mike Blazer
blazer@mail.nevalink.ru
*******************************************