What's the best way to test a long list of passphrases?

Robert J. Hansen rjh at sixdemonbag.org
Thu Oct 7 21:25:37 CEST 2010


On 10/7/2010 11:28 AM, Will McDonald wrote:
> Given that, what's the best way for me to test my 30,000 possible
> passphrases?

At one per second, it'll take about nine hours.  Your fastest solution
involves spending the rest of today polishing the script, and letting it
run overnight.  Slow and stupid wins.

The smart and fast way involves doing the s2k computations yourself and
checking prospective keys one after another, but even then this will be
slow.  The s2k computation involves a lot of iterated hashing in order
to slow down brute force attempts like this.  You'll waste more time
writing code than you'll gain by a faster algorithm.

Basically, if you do things the slow and stupid way you'll be done by
morning.  If you do things the smart and fast way you might be finished
by the end of the week.  You can view this as an instance of "worse is
better."

Good luck!


