				PGPCrack v0.99b by
				Mark Miller <markm@voicenet.com>
				Copyright (c) Mark Miller 1996

			I. SYNTAX
			II. GENERAL INFORMATION
			III. TECHNICAL INFORMATION
			IV. CHANGES
			V. COPYRIGHT

I. SYNTAX:

The syntax is pretty simple.  The command line should be the following:

	pgpcrack [phraselist] [pgpfile] <logfile>

"Phraselist" is a list of passphrases that PGPCrack attempts to use to decrypt
the file "pgpfile".  "Logfile" is an optional parameter that will specify to
what file the cracked password will be written.  If this is not specified,
stderr will be used (Note: it may be a Good Idea to use a "logfile", because
if the passphrase has any trailing whitespace, this will not be visible on
stderr and could cause hours of frustration...).  I have added the ability
to crack secret keys, but it is not nearly as fast as cracking the conventional
encryption.

II. GENERAL INFORMATION:

PGPCrack is a program designed to brute-force a conventionally encrypted file
encrypted with PGP or a PGP secret key.  The file "pgpfile" must not be
ascii-armored.  The file "phraselist" should be a file containing all of the
passphrases that will be used to attempt to crack the encrypted file.

This program is currently in beta.  If you have any suggestions or bug reports,
feel free to e-mail them to me at markm@voicenet.com.

III. TECHNICAL INFORMATION:

Those who are not interested in the technical aspects of PGPCrack can skip
this section.

PGPCrack works by reading the first 23 bytes of the file to be cracked.  The
last 18 bytes of this array are the only bytes used to crack the file.
Next it reads each line of the phraselist, removes the newline character,
hashes the line with MD5, and uses that as a key to decrypt the ten bytes in
IDEA-CFB mode.  PGP can detect whether a valid passphrase has been entered
by making sure that the 7th and 9th, and the 8th and 10th bytes are the same.
If it appears that a passphrase is valid, it then uses bytes 0-7 as an IV to
decrypt the next 8 bytes of the file.  If the most significant bit of the first
byte of this array is 1, then it prints the passphrase.

On a 486/66DX, I found that it takes about 7 seconds to read in a 1.2 megabyte
passphrase file and try to decrypt the file using every passphrase.
Considering the fact that the NSA, other government agencies, and large
corporations have an incredible amount of computing power, the benefit of
using a large, random passphrase is quite obvious.

Secret key cracking works quite a bit differently.  After the passphrase is
hashed, the IV and each encrypted MPI are decrypted in IDEA-CFB mode.  Then
a simple checksum is calculated over the plaintext of each MPI (the checksum
is not calculated over N and E).  The checksum calculation includes the length
fields of each MPI.  The checksum algorithm consists of a running addition of
every byte.  The output is a 16-bit integer.  The output is then compared with
the unencrypted checksum stored in the secret key file.

IV. CHANGES:

This is a list of changes made from .6b to .99b:

- Functions are now inlined to increase speed

- A "configure" script is now supplied to make compiling easier

- Secret key cracking capability has been added

V. COPYRIGHT:

This program is distributed under the GNU GPL.  Details and terms of the
license are in the file COPYING.
