You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Micah Lee 928b544208 made brute_force_keyid use multiple gpg homedirs because gpg gets horrible inefficient and resource-intensive when it has too many keys in a homedir 10 years ago
lib first draft of keyid brute forcer, all in one thread 10 years ago
.gitignore first draft of keyid brute forcer, all in one thread 10 years ago
.gitmodules
README.md made brute_force_keyid use multiple gpg homedirs because gpg gets horrible inefficient and resource-intensive when it has too many keys in a homedir 10 years ago
brute_force_keyid.py made brute_force_keyid use multiple gpg homedirs because gpg gets horrible inefficient and resource-intensive when it has too many keys in a homedir 10 years ago
download_strong_set.py

README.md

Trolling the Web of Trust

This repository is the home of scripts related to my OHM2013 talk.

To get started, clone the repo and submodules:

git clone https://github.com/micahflee/trollwot.git
cd trollwot
git submodule init
git submodule update

Install the gnupg build dependencies. On a Debian-based distro you do this:

sudo apt-get build-dep gnupg

Build the modified gnupg.

cd lib/gnupg
./configure
make

Brute force PGP key ID

The script that brute forces key IDs uses a modified version of gnupg that removes all the entropy from key generation, which makes it very quick and very insecure. To run it on your computer, making it a very high priority process:

nice -20 ./brute_force_keyid.py

To do list

  • Make keyid and number of threads command line arguements
  • Make ctrl-c actually quit so you don't have to kill the process

Download the web of trust

I wrote a script to recursively download the web of trust, one key at a time. However it's horrible ineffecient and will take forever to finish running. To start downloading the web of trust:

./download_strong_set.py

A better way to get public keys is to download a recent static dump of all the keys in the public key servers from one of these places: