Gnupg hack

Have you wondered about using cryptography, but found it too confusing? Are complicated software packages, passphrases, keys, key rings, certificates and fingerprints too daunting? You don't need all that. With no prior experience and nothing to remember, GnuPG can do basic and immediately useful cryptography.

GnuPG even may be installed on your Linux system already. Also known as the Gnu Privacy Guard, it is a sophisticated public key cryptosystem with more than 70 command-line options, plus an internal command-line and menu environment. It has been ported to several operating systems and has precompiled binaries available from the GnuPG Web site see the on-line Resources.

OpenPGP is also the basis for commercial products on even more operating systems. An OpenPGP system is the most common file encryption system you will encounter.

First, let's begin with some GnuPG features that don't need a passphrase. After that, we'll choose a passphrase and use it to encrypt something. Note that GnuPG is the name of the software, but the name of the command is gpg. The version number, date and other details may vary. The examples shown in this article should work for most current and future versions of GnuPG.

This is perfectly normal the first time you run GnuPG. If it doesn't happen, it simply means you've run GnuPG before, or your. Sometimes it's more convenient to keep all the data in the message body.

You may have tried to use uuencode and found it confusing or that it didn't work. Not all systems have a command-line MIME encoder. If you do want security and data compression, see the Quick and Clean Encryption section below and use a good passphrase. Do you suspect a file you just received is corrupted?

Traditionally, the sum or cksum command is run over the file before and after it was sent and the outputs are compared.

But there are three different incompatible versions of these commands, and even the same version can produce completely different output on different machines due to processor endian issues. Even worse, sometimes they won't even detect corrupted files. By chance alone, even when they are compatible, they sometimes will produce the same output for different files. The bit output of the sum and cksum commands is simply too small for reliability, much less security.

You could use md5sum instead, but there are different versions of this command. Each version has slight differences in formatting of filenames, whitespace and hexadecimal case. These differences in format prevent diff from running cleanly. In addition, there are known security vulnerabilities in the MD5 hash algorithm used by md5sum. And, sometimes md5sum isn't even installed.

GnuPG avoids these problems, because it produces the same output regardless of operating system or processor architecture. GnuPG also supports newer and more secure algorithms:. By the way, you can validate these --print-md examples by creating a file called filename containing the single line: The Linux Journal.

Your hash values should have exactly the same hexadecimal value as those in this article if the contents of the file is the same. Want to encrypt a file, but don't know where to start? Here's a quick and clean introduction to file encryption using GnuPG:. When encrypting, GnuPG asks for a passphrase twice, just like when you set a new password. The new encrypted file has the same name, but with the extension. The original file is left intact. The -c stands for conventional encryption, also known as symmetric encryption.

Normally, GnuPG defaults to public key encryption, but we haven't generated or loaded any public keys, so for now we have to stay with conventional. Several countermeasures to this attack are already included in the current version of GnuPG. By using our website and services, you expressly agree to the placement of our performance, functionality and advertising cookies. Learn more. Search Search for:. Hackaday Links: January 9, 10 Comments.

Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. How easy is it to crack gpg with private key, but without password Ask Question.

Asked 7 years ago. Active 7 years ago. Viewed 19k times. Improve this question. Add a comment. Active Oldest Votes. You can repeat the arithmetic with other values of guesses per second. Improve this answer. Bob Brown Bob Brown 5, 1 1 gold badge 18 18 silver badges 28 28 bronze badges.

So, the answer is that they would be crackable in similar times since both are just dictionary attacks cracking symmetric encryptions. It depends on the algorithm used by gpg to encrypt the secret key. There is a interesting blog post about it. My current gpg 2. It is possible and I encourage you to change that.