Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
CCGUESS(1)			  Encryption			    CCGUESS(1)

       ccguess - search	for ccrypt encryption keys

       ccguess [options] file...

       The  ccguess  program  attempts	to  guess ccrypt(1) encryption keys by
       searching the relevant part of the key space. This is done by prompting
       the user	for an approximate key and then	trying many variations of this
       key. This is intended to	assist ccrypt users in recovering mistyped  or
       forgotten keys, provided	that they remember at least part of the	key.

       Note  that  ccrypt provides strong cryptographic	security: there	are no
       special back doors or shortcuts to recovering  forgotten	 keys.	There-
       fore,  the  ccguess program does	not have any special powers. It	simply
       works by	trying different keys until a possible match is	found.

       A search	of the entire key space	is not	usually	 a  practical  option.
       ccguess	therefore  works by prompting the user for an approximate key.
       It then tries all variations that can be	obtained by applying  a	 small
       number  of  changes. Here, each change is either	a deletion of one let-
       ter, an insertion of one	letter,	a replacement of  one  letter  by  an-
       other,  or a transposition of two adjacent letters. By default, ccguess
       searches	all keys that differ from the  approximate  key	 by  up	 to  5
       changes.	 The  number  of  changes  searched  can  be adjusted with the
       --depth option.

       The mechanism by	which ccguess determines whether a key is a  "possible
       match"  is  the	same as	that used by ccrypt to reject non-matching de-
       cryption	keys. There is a small chance of a false match,	i.e.,  ccguess
       may  find  a  key  that turns out not to	be the true encryption key and
       does not	decrypt	the file correctly. A  false  match  happens  approxi-
       mately  once  for  every	4.3 billion keywords tried, so the longer your
       search goes on, the higher the likelihood that a	false match is	found.
       Normally,  ccguess  stops  after	the first possible match is found, but
       the -c option can be used to search for additional keys.	The  possibil-
       ity of a	false match can	be further reduced by supplying	multiple files
       that have been encrypted	with the same key. In this case, ccguess  will
       search  for  keys that match any	of the files, but will print a warning
       for keys	that do	not match all of the files.

       The following options are supported:

       -h, --help
		 Help. Print usage information and exit.

       -L, --license
		 Print license info and	exit.

       -V, --version
		 Print version info and	exit.

       -K key, --key key
		 Specify the approximate key on	the command line, rather  than
		 prompting the user for	it.

       -d n, --depth n
		 Search	keys that contain up to	n changes. The default is 5.

       -c, --continue
		 Keep trying more keys even after the first match is found. By
		 default, ccguess will stop after the first key	is found  that
		 matches all input files.

       -t chars, --chartable chars
		 Specify  the  list  of	characters to try for replacements and
		 insertions. By	default, ccguess will try all printable	 ASCII
		 characters. If	you know, for example, that your key only used
		 lowercase letters and numbers,	you can	speed up the search by
		 specifying  a	list  of characters explicitly.	This option is
		 mutually exclusive with -n.

       -n, --non-printable
		 Allow non-printable characters	in keys. By  default,  ccguess
		 will  only  try printable ASCII characters. Note that the use
		 of this option	slows down the search significantly. This  op-
		 tion is mutually exclusive with -t.

       file	 The  name  of a file that has been encrypted with the unknown
		 key. This file	is only	read from, not written to. The special
		 filename "-" is used to denote	standard input.

		 If multiple files are specified, ccguess will search for keys
		 that match any	of the files, but will	print  a  warning  for
		 keys that do not match	all of the files.

       Suppose	the  file  myfile.cpt has been encrypted with the key "garden-
       house", but the user remembers "gardenhose". The	command

	  ccguess -K gardenhose	myfile.cpt

       will find the correct key after 2318 guesses.

       The exit	status is 0 if at least	one possible match is found, 1	if  no
       matches are found, and >=2 if an	error occurred.


       Peter Selinger <selinger	at>

       Copyright (C) 2000-2018 Peter Selinger

       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published  by  the
       Free  Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       This program is distributed in the hope that it	will  be  useful,  but
       WITHOUT	ANY  WARRANTY;	without	 even  the  implied  warranty  of MER-
       Public License for more details.

       You should have received	a copy of the GNU General Public License along
       with this program; if not, write	to the Free Software Foundation, Inc.,
       51  Franklin Street, Fifth Floor, Boston, MA 02110-1301,	USA.  See also

Version	1.11			   July	2018			    CCGUESS(1)


Want to link to this manual page? Use this URL:

home | help