Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: nster on April 10, 2011, 02:59:36 AM



Title: Forgot my passphrase on bitcoin-otc Help with bruteforce or finding another way
Post by: nster on April 10, 2011, 02:59:36 AM
So I forgot my passphrase (the one you need to do clearsign). My pass is most probably a 6 character passphrase with only numbers, and only containing 6 possible different numbers (ie: I know there are no 0s and 6s)

Could someone help me bruteforce it or something? Or does Kleopatra somehow store it somewhere?

I have 2 6870s and an i7 920 @ 4GHz so I think it should be fairly easy no?


Title: Re: Forgot my passphrase on bitcoin-otc Help with bruteforce or finding another way
Post by: theymos on April 10, 2011, 03:18:15 AM
That's a terrible password. You should be able to crack it in not too much time by using a bash script and GPG with the --passphrase option.


Title: Re: Forgot my passphrase on bitcoin-otc Help with bruteforce or finding another way
Post by: nster on April 10, 2011, 04:02:56 AM
That's a terrible password. You should be able to crack it in not too much time by using a bash script and GPG with the --passphrase option.

Keefe is helping me with a python cracker :)

My passwords vary in strength. My strongest passwords have 26 characters, mixed numbers and letters and caps and lowercase and no words or anything


Title: Re: Forgot my passphrase on bitcoin-otc Help with bruteforce or finding another way
Post by: AbeSkray on April 14, 2011, 10:30:31 PM
My pass is most probably a 6 character passphrase with only numbers, and only containing 6 possible different numbers (ie: I know there are no 0s and 6s)

This strikes me as very bad. I'm new to #bitcoin-otc, but if someone publicly admits that their GPG password is weak, that raises a red flag in my mind. If your password is easily crackable, does your web-of-trust rating actually mean anything?

If I talk to nster on #bitcoin-otc how do I know it's the real nster and not an impersonator? Does a challenge string clearsigned with nster's public key actually prove his identity? No. Not if I know that nster's private key is protected by a passphrase that can be brute-forced in only 8^6 attempts.

Of course, I don't know that nster's passphrase is really that weak. The owner of the nster (http://bitcointalk.org/index.php?action=profile;u=4905) account on this forum is not necessarily the owner of the nster GPG key (http://bitcoin-otc.com/viewgpg.php?nick=nster) on #bitcoin-otc. For all I know, the OP is impersonating nster and trying to tarnish his web-of-trust rating.

I'm not trying to be hostile or antagonistic, so I apologize if I'm coming off that way. I guess I'm just trying to say that you're not going to gain any credibility among crypto-nerds by advertizing how weak your GPG passphrase is. Your public key is your identity. Protect it.
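
The point about passphrase strength, as an added example (not written by any poster in this thread): OpenPGP derives the key that encrypts secret-key material from the passphrase with the iterated and salted S2K function of RFC 4880, so the only thing between a copied key file and a valid signature is keyspace size times per-guess cost. The sketch below implements that S2K, times it on the local machine, and compares a 6-character passphrase drawn from 8 digits with a 26-character mixed-case alphanumeric one; the hash (SHA-1), key length, coded counts and sample passphrase are assumptions chosen for illustration.

```python
# Added example: cost of guessing an OpenPGP passphrase (RFC 4880 iterated+salted S2K).
import hashlib
import os
import time


def decode_count(coded: int) -> int:
    """RFC 4880 section 3.7.1.3: one-octet coded count -> number of octets hashed."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated(passphrase: bytes, salt: bytes, coded: int,
                 key_len: int = 16, hash_name: str = "sha1") -> bytes:
    """Derive the symmetric key that protects the secret key material."""
    data = salt + passphrase
    count = max(decode_count(coded), len(data))  # data is always hashed at least once
    full, rem = divmod(count, len(data))
    out, ctx = b"", 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx)  # context n is preloaded with n zero octets
        for _ in range(full):
            h.update(data)
        h.update(data[:rem])
        out += h.digest()
        ctx += 1
    return out[:key_len]


def keyspace(alphabet_size: int, length: int) -> int:
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int, secs_per_guess: float) -> float:
    return keyspace(alphabet_size, length) * secs_per_guess


def measure(coded: int, trials: int = 3) -> float:
    """Average seconds per derivation here (single-threaded Python, so an upper bound)."""
    salt = os.urandom(8)
    start = time.perf_counter()
    for _ in range(trials):
        s2k_iterated(b"123457", salt, coded)  # constructed sample passphrase
    return (time.perf_counter() - start) / trials


if __name__ == "__main__":
    for coded in (96, 255):  # 96 decodes to 65536 octets; 255 is the largest count
        t = measure(coded)
        weak = worst_case_seconds(8, 6, t)      # 6 digits, no 0s or 6s
        strong = worst_case_seconds(62, 26, t)  # 26 mixed-case alphanumerics
        print(f"count={decode_count(coded):>9}: {t * 1e3:8.2f} ms/guess, "
              f"weak={weak / 3600:.2f} h, strong={strong / 3.15e7:.2e} years")
```

Raising the S2K count multiplies both figures by the same factor, so key stretching does not rescue a passphrase whose keyspace is only a few hundred thousand candidates.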


Title: Re: Forgot my passphrase on bitcoin-otc Help with bruteforce or finding another way
Post by: nster on April 14, 2011, 10:37:45 PM
My pass is most probably a 6 character passphrase with only numbers, and only containing 6 possible different numbers (ie: I know there are no 0s and 6s)

This strikes me as very bad. I'm new to #bitcoin-otc, but if someone publicly admits that their GPG password is weak, that raises a red flag in my mind. If your password is easily crackable, does your web-of-trust rating actually mean anything?

If I talk to nster on #bitcoin-otc how do I know it's the real nster and not an impersonator? Does a challenge string clearsigned with nster's public key actually prove his identity? No. Not if I know that nster's private key is protected by a passphrase that can be brute-forced in only 8^6 attempts.

Of course, I don't know that nster's passphrase is really that weak. The owner of the nster (http://bitcointalk.org/index.php?action=profile;u=4905) account on this forum is not necessarily the owner of the nster GPG key (http://bitcoin-otc.com/viewgpg.php?nick=nster) on #bitcoin-otc. For all I know, the OP is impersonating nster and trying to tarnish his web-of-trust rating.

I'm not trying to be hostile or antagonistic, so I apologize if I'm coming off that way. I guess I'm just trying to say that you're not going to gain any credibility among crypto-nerds by advertizing how weak your GPG passphrase is. Your public key is your identity. Protect it.

Well it turns out my password was not a 6 number thing.... It's one of my more complicated passwords so now I'm stuck trying them out lol

A few minutes after my post I tried to bruteforce it with what I thought I knew but it ended up not being true.

Also, I usually change my password to better passwords once it means something to me. Until now, I have only 2 ratings that worked with very low amounts of BTC and I did not really know how to use it. Now that I potentially can have more ratings and know how to use it properly, I would have changed it. There was virtually no reputation with the GPG key yet.


Title: Re: Forgot my passphrase on bitcoin-otc Help with bruteforce or finding another way
Post by: kerstone on March 24, 2013, 08:55:57 PM
That's funny. I just did the same thing, but I'm an idiot. However, same situation; it's really easy, but that was only because it was my test pass. I'm learning...and I don't want you to crack it. It's driving me crazy, I just blanked it.