Need to crack someone else's password?

Tool helps investigators unlock passwords and crypto keys

Passwords are intended to let only authorized users access files and information while keeping everyone else out. But what do you do when, for a legitimate reason such as an investigation, you need to know someone’s password?

If you don’t have the owner’s cooperation, there are tools available to help locate or guess passwords and cryptographic keys, such as Passware Kit Forensic, which scans computers for password-protected files and then applies recovery algorithms to uncover the passwords.

Passware is a password recovery and electronic discovery company, whose customers include the Internal Revenue Service, Secret Service, Senate, Supreme Court, and the Defense, Justice and Homeland Security departments. The kit’s tools can enforce password policies or recover passwords.

Sometimes the task is easy, even if the passwords are encrypted.

“It’s not really secure,” Passware president Dmitry Sumin said of the Web browser-based encryption commonly used to protect passwords. And Microsoft’s Office 2003 uses a 40-bit encryption key to protect files. “It is possible to find the key based on the file type” in a matter of minutes, he said.

Full-disk encryption, done right, can be nearly impossible to crack, he said. “If the encryption is strong enough, we use dictionary and brute-force attacks.”

The point of strong passwords and encryption is to make guessing keys and passwords through brute-force attacks difficult. But Passware addresses that challenge through distributed computing, harnessing the computing power of multiple workstations to work on a single password or key problem. Software agents installed on networked computers take advantage of unused computing cycles to speed the process. Passware Kit can support hundreds of agents, although adding even a few additional computers on a task can noticeably speed the process, Sumin said.

Passware Kit also supports hardware accelerators, such as graphics processing units and Tableau TACC1441 hardware, to hasten the process.
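The arithmetic behind distributed brute force, as an added example that is not from the article or from Passware: it sizes the search space for a fixed-length key and for a password policy, then shows how agent count trades against password length. The guess rate and agent counts are constructed assumptions, not measured figures for any product.

```python
# Added example: search-space sizing for exhaustive key/password search.
# All rates and agent counts below are constructed assumptions.

def key_space(bits):
    """Number of candidate keys for a fixed-length binary key."""
    return 2 ** bits

def password_space(charset_size, min_len, max_len):
    """Candidates allowed by a policy: every length from min_len to max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def worst_case_seconds(space, rate_per_agent, agents):
    """Time to try every candidate when agents split the space evenly."""
    return space / (rate_per_agent * agents)

def agents_needed(space, rate_per_agent, deadline_seconds):
    """Smallest agent count that exhausts the space before the deadline."""
    per_agent = rate_per_agent * deadline_seconds
    return -(-space // per_agent)  # integer ceiling division

def chars_to_offset(speedup, charset_size):
    """Extra password characters that cancel an attacker's speedup factor."""
    extra = 0
    while charset_size ** extra < speedup:
        extra += 1
    return extra

if __name__ == "__main__":
    RATE = 10_000_000  # assumed guesses per second per agent (constructed)
    cases = {
        "40-bit key": key_space(40),
        "8 chars, 95 printable": password_space(95, 8, 8),
        "12 chars, 95 printable": password_space(95, 12, 12),
    }
    for label, space in cases.items():
        for agents in (1, 100):
            days = worst_case_seconds(space, RATE, agents) / 86400
            print(f"{label:24} agents={agents:<4} worst case {days:.3g} days")
    print("extra chars cancelling a 100x farm:", chars_to_offset(100, 95))
```

Adding agents divides the worst-case time linearly, while each added character multiplies the space by the charset size, so a hundredfold hardware increase is cancelled by two more characters from a 95-symbol set.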

However, the software does not need to rely solely on chance and brute force. Knowing the encryption algorithms and password policies that protect files can help tell it what to look for, which narrows the search somewhat.

That still does not guarantee success against a determined adversary with good tools, Sumin said.

“If we’re talking about a highly paranoiac pedophile, it could be impossible to get into the file,” he said. Passware Kit is one more tool in the investigator’s kit. “We are improving the chances.”

About the Author

William Jackson is a Maryland-based freelance writer.

Reader comments

Sat, Jun 30, 2012 ans indonesia

I like it!!!

Thu, Jul 15, 2010 michelle New York

I know a great password crack software, that is Windows Password Recovery 6.0, an easy-to-use tool designed for resetting local administrator and user passwords on any Windows system.

Thu, Jul 15, 2010

I'm not a "paranoiac pedophile" but TrueCrypt with a >50 character pass-phrase is my friend for file privacy.

Thu, Jul 15, 2010

Other than free(?) advertising, what was the point of this article? The blackhats of the world already do this. The biggest thing I come away with from reading this is, password security is a joke since no matter what you do, you are limited by Microsoft's implementation of encryption keys, and that is where the attacks are made.
