Password cracking
A case study in combinatorics
By the 13th letter, on .
Abstract: Many cryptographic systems such as OpenPGP and Linux Unified Key Setup utilize passwords to encrypt the payload, whether directly or indirectly. Due to limits on human memory, low entropy of natural language, and other related factors, passwords are oftentimes the weakest link in the crypto system, and thus represent a viable attack point for obtaining unauthorized access. In this article I share my personal experiences with trying a password guessing attack on an OpenPGP keypair, with a focus on the combinatorics of the problem.