Date: Sat, 23 Dec 2017 09:09:16 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Recommendations GnuPG-2 replacement On Fri, Dec 22, 2017 at 08:52:52PM +0100, Solar Designer wrote: > On Sun, Dec 17, 2017 at 09:06:08AM +0000, halfdog wrote: > > > > You may process the private key file with gpg2john, then try to crack it > > > with john. This will output the actual value, as well as show you the > > > speed at which passphrases can be tested against that key on your system > > > and with that version of JtR. To use a GPU, add "--format=gpg-opencl". > > > Please use latest bleeding-jumbo off GitHub for all of this. > > > > Done that, but still fighting how to use "gpg2john" with the new > > gpgv2 "private-keys-v1.d" key format. Exporting the private keys > > using gpgv2 does not help as that requires the passphrase already, > > thus removing the gpgv2-encryption, we want to test. > > I tried asking a JtR jumbo contributor to look into this, but > unfortunately I got no response yet, and I had no time to look into it > myself. This is something we ought to have an answer to, but I > currently don't. Please see https://github.com/magnumripper/JohnTheRipper/issues/847 (Add support for the new GPG 2.1 "format") regarding this topic. To summarize, * Currently, gpg2john does not understand the "private-keys-v1.d" key format. * We have a very rough cracking implementation for "private-keys-v1.d" key format at the moment. See "filter.c" on that GitHub issue. I can start working on a proper native cracking implementation (with GPU support likely), if there is interest in this stuff. -- Dhiru
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ