How to Soft-Brute Force Your GPG Passphrase
For whatever reason, I forgot a very important password - my GPG passphrase! There's no recourse for this: whatever is encrypted with my key is lost forever if I can't get the passphrase back.
Luckily enough I managed to crack it. Here’s how.
What I had to work with
- My passphrase consisted of three words, in the following format: OneTwoThree
- I was pretty sure I knew One and Three were correct; for some reason I couldn't remember Two. They are randomly generated so it's hard to 'remember' a link between them.
- One and Two are words in the dictionary (Three isn't, but that's why I could remember it…)
- I seemed to think that Two began with a T.
What I did
Guesswork
So the first port of call was to desperately try to remember the middle word. No joy… I tried and tried for about half an hour but I could feel the passphrase becoming even harder to remember the more I typed other words in.
Dictionary attack using Nasty
Next up I thought I could try some sort of dictionary attack. The word definitely is in the dictionary so it was worth a try.
I tried to use John the Ripper [1], a popular password cracker, but I couldn't get it to work with gpg. The 'jumbo' version has a utility called gpg2john which makes a hash for you, but I just couldn't figure out how to export the key without the passphrase, but with PGP armor. Perhaps someone can tell me.
Instead, after quite a bit of digging, I found a tool called Nasty [2], designed expressly for this purpose.
GPG settings
To use it you need to adjust your gpg settings so that it will allow lots of password attempts in quick succession. This involves adding this to ~/.gnupg/gpg-agent.conf:
allow-loopback-pinentry
And this to ~/.gnupg/gpg.conf:
pinentry-mode loopback
Then kill gpg-agent if it is already running somewhere.
Remember to remove these lines when you are done, as they can cause issues with normal usage.
By default Nasty just tries every combination in the alphabet, so a, then b, then c, then d, then e, etc… Not the most efficient way to go about this unless you have a lot of time on your hands (years rather than days…).
Finding a word list
Luckily, Nasty lets you use a word list. Also lucky, Linux has lots of word lists built right into the system!
cp /usr/share/dict/words ~/bruteforce
The location of the file may vary based on your system, but in essence it’s a list of every word in the dictionary. It’s probably not exhaustive but it’s a good place to start.
Manipulating the list
Now then, before we start using Nasty we need to manipulate the text a little, based on what I already know about my password. I like to use vim for this but it's just what I know; I'm sure there are ways to do it with bash.
First of all, let's get rid of every word that doesn't start with a t, since I suspect the middle word of my passphrase starts with that letter:
:g!/^[Tt]/d
The shorter the list of words, the quicker Nasty can run through them.
Next I need to capitalise every word, since I know the format of the password is OneTwoThree.
:%s/\(^\w\)/\U\1/g
Then I need to add the word I know, in this case One, to the start of every line. I like to do it this way:
- Go to the first line: gg
- Press ctrl+v to enter visual block mode
- Press G to go to the bottom. This will select the first 'column', i.e. every first character.
- Press shift+i to enter insert mode (don't forget shift)
- Type your word. It will appear just on line 1 for now. For us it's One.
- Press esc. The word you just typed appears at the start of every line.
I’m sure there’s a slicker way to do this but it’s what stuck with me.
Now I need to add the other word I know at the end. In this case it's Three:
:%s/$/Three/
All done! Remember to save your work with :wq.
So, the end result is a huge list of words that looks like this:
...
OneTzarismThree
OneTzaristThree
OneTzaristsThree
OneTzarsThree
...
That's obviously the end of the file, but you get the idea. Somewhere in there lies our password, OneTwoThree.
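The vim steps above, as an added shell script that is not part of the original post. It assumes the same shape as the post's passphrase (known first word "One", known last word "Three", middle word beginning with "t"; all of these are placeholder names) and uses a small constructed dictionary in place of /usr/share/dict/words so that it runs offline. It also counts the candidates, which makes plain how much a known structure shrinks the search: two remembered words and one remembered letter turn a dictionary-sized space into a few thousand guesses, which is why a recovery like this finishes in minutes.

```shell
#!/bin/sh
# Added example, not code from the original post. It reproduces the wordlist
# transformation the post performs by hand in vim, using POSIX awk so the
# same result is obtained on any Unix. Every name below is an assumption:
# "One"/"Three" stand in for the two remembered words and "t" for the
# suspected first letter of the forgotten middle word.

# build_candidates DICT FIRST LAST LETTER
# Prints one candidate per line: FIRST + Capitalised(word) + LAST for every
# dictionary word whose first letter matches LETTER (case-insensitive).
# Entries containing an apostrophe (e.g. "tsar's", common in
# /usr/share/dict/words) are dropped, since a random-word passphrase
# generator would not have produced them; blank lines are skipped too.
build_candidates() {
    dict=$1; first=$2; last=$3; letter=$4
    awk -v first="$first" -v last="$last" -v letter="$letter" -v apos="'" '
        NF == 1 && index($0, apos) == 0 &&
        tolower(substr($0, 1, 1)) == tolower(letter) {
            print first toupper(substr($0, 1, 1)) substr($0, 2) last
        }' "$dict"
}

# count_candidates DICT FIRST LAST LETTER
# Size of the resulting search space (number of lines Nasty will try).
count_candidates() {
    build_candidates "$@" | wc -l | tr -d ' '
}

# Constructed sample dictionary standing in for /usr/share/dict/words, so the
# script runs offline. The real file has tens of thousands of entries.
SAMPLE_DICT=$(mktemp)
trap 'rm -f "$SAMPLE_DICT"' EXIT
cat > "$SAMPLE_DICT" <<'EOF'
apple
Tom's
two
tzar
Tzarism
three
zebra
EOF

# Print the candidate list and its size for the sample dictionary.
build_candidates "$SAMPLE_DICT" One Three t
# OneTwoThree
# OneTzarThree
# OneTzarismThree
# OneThreeThree
count_candidates "$SAMPLE_DICT" One Three t
# 4
```

Run it against the real dictionary with build_candidates /usr/share/dict/words One Three t > ~/bruteforce to produce the same file the vim session leaves behind. The apostrophe filter is the one thing the vim recipe does not do; leaving such entries in is harmless but lengthens the run.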
UPDATE 2017-01-05: An anonymous reader has written in with a hot tip on also generating symbols and special characters, which I'm sure many of you have. They used a tool called regldg [3]. I haven't used it myself, but it seems like it allows you to use regex to generate a wordlist. In the message they said '"universe-checking" and "max-length"' are options to look into since it caused errors.
Using Nasty
So now it’s time to have Nasty run through this list of words. This is easy:
nasty -m file -i ~/bruteforce -f ~/outputpassword
- -m selects the type of guessing; for us it's file
- -i selects the file with the list of words we just made
- -f specifies a file to save the correct password to, should it find it. This is optional.
Bingo! After 2 minutes of running through the list Nasty struck gold and found the passphrase. Phew!
A bit of luck, a bit of logic and a lot of Linux got me my files back. The chances you are in the same boat as me are slim, but hopefully some of the information I have pooled here might help fellow gpg-ers that have half-forgotten their passphrases.
References
- [4] Suggested GPG settings from the Arch Wiki
- [5] Marcin from Stack Overflow on how to remove lines
- [6] Casey Wise on how to capitalize all first letters
- [7] Pixelbeat from Stack Overflow on how to add a word to the start of every line
- [8] Alan Curry from Stack Overflow on how to add a word to the end of every line
- [9] Folkert van Heusden, who wrote Nasty
- [10] Tiago Bortoletto Vaz, who wrote a man page for Nasty which saved me a lot of guesswork