Bitcoin Forum
December 04, 2016, 10:20:49 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Forgot my passphrase on bitcoin-otc Help with bruteforce or finding another way  (Read 2976 times)
nster
Full Member
***
Offline Offline

Activity: 126



View Profile
April 10, 2011, 02:59:36 AM
 #1

So I forgot my passphrase (the one you need to do clearsign). My pass is most probably a 6 character passphrase with only numbers, and only containing 6 possible different numbers (ie: I know there are no 0s and 6s)

Could someone help me bruteforce it or something? Or does Kleopatra somehow store it somewhere?

I have 2 6870s and an i7 920 @ 4GHz so I think it should be fairly easy no?

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
1480846849
Hero Member
*
Offline Offline

Posts: 1480846849

View Profile Personal Message (Offline)

Ignore
1480846849
Reply with quote  #2

1480846849
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480846849
Hero Member
*
Offline Offline

Posts: 1480846849

View Profile Personal Message (Offline)

Ignore
1480846849
Reply with quote  #2

1480846849
Report to moderator
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2492


View Profile
April 10, 2011, 03:18:15 AM
 #2

That's a terrible password. You should be able to crack it in not too much time by using a bash script and GPG with the --passphrase option.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
nster
Full Member
***
Offline Offline

Activity: 126



View Profile
April 10, 2011, 04:02:56 AM
 #3

That's a terrible password. You should be able to crack it in not too much time by using a bash script and GPG with the --passphrase option.

Keefe is helping me with a python cracker Smiley

my passwords vary in strenght. My strongest passwords have 26 caracters, mixed numbers and letters and caps and lowercase and no words or anything

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
AbeSkray
Member
**
Offline Offline

Activity: 72



View Profile
April 14, 2011, 10:30:31 PM
 #4

My pass is most probably a 6 character passphrase with only numbers, and only containing 6 possible different numbers (ie: I know there are no 0s and 6s)

This strikes me as very bad. I'm new to #bitcoin-otc, but if someone publicly admits that their GPG password is weak, that raises a red flag in my mind. If your password is easily crackable, does your web-of-trust rating actually mean anything?

If I talk to nster on #bitcoin-otc how do I know it's the real nster and not an impersonator? Does a challenge string clearsigned with nster's public key actually prove his identity? No. Not if I know that nster's private key is protected by a passphrase that can be brute-forced in only 86 attempts.

Of course, I don't know that nster's passphrase is really that weak. The owner of the nster account on this forum is not necessarily the owner of the nster GPG key on #bitcoin-otc. For all I know, the OP is impersonating nster and trying to tarnish his web-of-trust rating.

I'm not trying to be hostile or antagonistic, so I apologize if I'm coming off that way. I guess I'm just trying to say that you're not going to gain any credibility among crypto-nerds by advertizing how weak your GPG passphrase is. Your public key is your identity. Protect it.
nster
Full Member
***
Offline Offline

Activity: 126



View Profile
April 14, 2011, 10:37:45 PM
 #5

My pass is most probably a 6 character passphrase with only numbers, and only containing 6 possible different numbers (ie: I know there are no 0s and 6s)

This strikes me as very bad. I'm new to #bitcoin-otc, but if someone publicly admits that their GPG password is weak, that raises a red flag in my mind. If your password is easily crackable, does your web-of-trust rating actually mean anything?

If I talk to nster on #bitcoin-otc how do I know it's the real nster and not an impersonator? Does a challenge string clearsigned with nster's public key actually prove his identity? No. Not if I know that nster's private key is protected by a passphrase that can be brute-forced in only 86 attempts.

Of course, I don't know that nster's passphrase is really that weak. The owner of the nster account on this forum is not necessarily the owner of the nster GPG key on #bitcoin-otc. For all I know, the OP is impersonating nster and trying to tarnish his web-of-trust rating.

I'm not trying to be hostile or antagonistic, so I apologize if I'm coming off that way. I guess I'm just trying to say that you're not going to gain any credibility among crypto-nerds by advertizing how weak your GPG passphrase is. Your public key is your identity. Protect it.

Well it turns out my password was not a 6 number thing.... It's one of my more complicated passwords so now I'm stuck trying them out lol

a few minutes after my post I tried to bruteforce it with what I thought I knew but it ended up not being true.

Also, I usually change my password to better passwords once it means something to me. until now, I have only 2 ratings that worked with very low amounts of BTC and I did not really know how to use it. Now that I potentially can have more ratings and know how to use it properly, I would have changed it. There was virtual no reputation with the GPG key yet

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
kerstone
Jr. Member
*
Offline Offline

Activity: 40


View Profile
March 24, 2013, 08:55:57 PM
 #6

Thats funny. I just did the same thing, but im an idiot. However, same situation; its really easy, but that was only because it was my test pass. I'm learning...and I don't want you to crack it. its driving me crazy, i just blanked it.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!