Need to crack someone else's password?

Tool helps investigators unlock passwords and crypto keys

Passwords are intended to let only authorized users access files and information while keeping everyone else out. But what do you do when, for a legitimate reason such as an investigation, you need to know someone’s password?

If you don’t have the owner’s cooperation, there are tools available to help locate or guess passwords and cryptographic keys, such as Passware Kit Forensic, which scans computers for password-protected files and then searches for the passwords using algorithms to uncover them.

Passware is a password recovery and electronic discovery company, whose customers include the Internal Revenue Service, Secret Service, Senate, Supreme Court, and the Defense, Justice and Homeland Security departments. The kit’s tools can enforce password policies or recover passwords.


Related stories:

Access control is easy — unless you're doing it for everyone

Will digital certificates replace passwords?

Crowbar cracks SD cards and retrieves data without a trace


Sometimes the task is easy, even if the passwords are encrypted.

“It’s not really secure,” Passware president Dmitry Sumin said of the Web browser-based encryption commonly used to protect passwords. And Microsoft’s Office 2003 uses a 40-bit encryption key to protect files. “It is possible to find the key based on the file type” in a matter of minutes, he said.

Full-disk encryption, done right, can be nearly impossible to crack, he said. “If the encryption is strong enough, we use dictionary and brute-force attacks.”

The point of strong passwords and encryption is to make guessing keys and passwords through brute-force attacks difficult. But Passware addresses that challenge through distributed computing, harnessing the computing power of multiple workstations to work on a single password or key problem. Software agents installed on networked computers take advantage of unused computing cycles to speed the process. Passware Kit can support hundreds of agents, although adding even a few additional computers on a task can noticeably speed the process, Sumin said.

Passware Kit also supports hardware accelerators, such as graphics processing units and Tableau TACC1441 hardware, to hasten the process.

However, the software does not need to rely solely on chance and brute force. Knowing the encryption algorithms and password policies that protect files can help tell it what to look for, which reduces the odds somewhat.

That still does not guarantee success against a determined adversary with good tools, Sumin said.

“If we’re talking about a highly paranoiac pedophile, it could be impossible to get into the file,” he said. Passware Kit is one more tool in the investigator’s kit. “We are improving the chances.”

About the Author

William Jackson is a Maryland-based freelance writer.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Sat, Jun 30, 2012 ans indonesia

i like it !!!

Thu, Jul 15, 2010 michelle New York

I know a great password crack software,that is windows password recovery 6.0,an easy-to-use tool designed for resetting local administrator and user passwords on any Windows system

Thu, Jul 15, 2010

I'm not a "paranoiac pedophile" but TruCrypt with a >50 character pass-phrase is my friend for file privacy.

Thu, Jul 15, 2010

Other than free(?) advertising, what was the point of this article? The blackhats of the world already do this. The biggest thing I come away with from reading this is, password security is a joke since no matter what you do, you are limited by Microsoft's implementation of encryption keys, and that is where the attacks are made.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group