Blog | G5 Cyber Security

GPG Passphrase Cracking: pwgen & CAST5

TL;DR

This guide shows how to brute-force a passphrase created with pwgen 16 -s for a GPG archive encrypted using the CAST5 algorithm. It uses `hashcat` and requires a wordlist or mask.

Prerequisites

Step-by-step Guide

  1. Determine the Hash Type

    GPG CAST5 encryption produces a hash that hashcat needs to know. Use gpg --list-hashes on your archive file.

    gpg --list-hashes myarchive.gpg

    Look for the line containing ‘CAST5’ and note the hash algorithm (e.g., SHA256). This is crucial for hashcat.

  2. Extract the Salt

    The salt is essential for brute-forcing. Extract it using gpg --print-md myarchive.gpg. The output will contain a line starting with ‘MD5 Hash:’. This is your salt.

    gpg --print-md myarchive.gpg | grep 'MD5 Hash:'

    Copy the entire MD5 hash value (including the characters after ‘MD5 Hash:’).

  3. Prepare a Wordlist or Mask

    You need either a wordlist containing potential passphrases, or a mask defining the passphrase structure. pwgen 16 -s generates 16-character random passphrases using a mix of letters and numbers.

    • Wordlist: If you have a suitable wordlist (e.g., rockyou.txt), ensure it’s in plain text format, one passphrase per line.
    • Mask: A mask defines the character set and length of the passphrase. For a 16-character random passphrase similar to pwgen 16 -s, use a mask like this:
      ?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l

      (where ‘?’ represents any character and ‘l’ represents lowercase letters). You can add uppercase, numbers, or symbols to the mask as needed (e.g., ‘?a?a?a…’). See hashcat documentation for full mask options.
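    The size of the search space a mask describes can be computed before any run is started. The following is an added example, not code from the original guide: it parses hashcat's built-in mask charsets, counts the candidates in the mask above, and compares that with a 16-character space over an assumed 62-symbol alphabet (a-z, A-Z, 0-9) for `pwgen 16 -s`. The guess rate is a constructed figure, not a benchmark.

```python
# Added example (not from the original guide): size of a hashcat mask keyspace.
# Sizes of hashcat's built-in mask charsets.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
                 "s": 33, "a": 95, "b": 256}
SECONDS_PER_YEAR = 365 * 24 * 3600


def mask_keyspace(mask: str) -> int:
    """Return how many candidate passphrases a mask describes."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        code = mask[i + 1]
        if code == "?":
            pass                        # '??' is a literal question mark
        elif code in CHARSET_SIZES:
            total *= CHARSET_SIZES[code]
        else:
            raise ValueError(f"unsupported charset ?{code}")
        i += 2
    return total


def years_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed rate."""
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


def coverage(mask: str, alphabet_size: int, length: int) -> float:
    """Fraction of an alphabet_size**length space that the mask covers."""
    return mask_keyspace(mask) / alphabet_size ** length


PAGE_MASK = "?l" * 16        # the mask shown in step 3
PWGEN_ALPHABET = 62          # assumption: a-z, A-Z, 0-9
ASSUMED_RATE = 1e9           # constructed figure, not a benchmark

if __name__ == "__main__":
    print(f"mask keyspace : {mask_keyspace(PAGE_MASK):.3e}")
    print(f"full keyspace : {PWGEN_ALPHABET ** 16:.3e}")
    print(f"mask coverage : {coverage(PAGE_MASK, PWGEN_ALPHABET, 16):.1e}")
    print(f"years (mask)  : {years_to_exhaust(mask_keyspace(PAGE_MASK), ASSUMED_RATE):.2e}")
    print(f"years (full)  : {years_to_exhaust(PWGEN_ALPHABET ** 16, ASSUMED_RATE):.2e}")
```

    The lowercase-only mask covers under one millionth of the assumed 62-symbol space, and at the assumed rate even that subset takes over a million years to exhaust.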

  4. Run Hashcat

    Use hashcat to brute-force the passphrase. Replace placeholders with your actual values:

    hashcat -m <hash_type> myarchive.gpg <wordlist_or_mask> --salt <salt>

    • -m <hash_type>: Specify the hash type identified in Step 1 (e.g., -m 1400 for SHA256).
    • myarchive.gpg: The path to your encrypted archive file.
    • <wordlist_or_mask>: The path to your wordlist or mask file.
    • --salt <salt>: The salt extracted in Step 2.

    For example, using a SHA256 hash and a wordlist:

    hashcat -m 1400 myarchive.gpg /usr/share/wordlists/rockyou.txt --salt 8a7f...

  5. Monitor Progress

    Hashcat will display its progress, showing the number of hashes cracked per second. The process can take a significant amount of time depending on the complexity of the passphrase and your hardware.

  6. Retrieve the Passphrase

    If hashcat successfully cracks the passphrase, it will display it in the output. You can also find cracked passphrases in the hashcat session file (usually located in a directory named after your hash type).
