
Password Cracking FAQ

(c) Pavel Semjanov, 1999-2000

v. 0.96

 


I. Main info

1.1. Where can I get the latest version of this FAQ?

1.2. What is a "password cracker"?

1.3. Why is it possible to crack somebody's password?

1.4. What are the main cracking methods?

1.5. What should I do to make my passwords uncrackable?

II. Application passwords

2.1. Is it possible to crack a ... archive if some of its files are available un-encrypted (or un-compressed)?

2.2. How can I crack self-extracting archives passwords?

2.3. Is it possible to crack Office 95 (Word 6.0-7.0, Excel 5.0-7.0) passwords?

2.4. Is it possible to crack Office 97/2000 passwords?

2.5. What is the best way to crack Word/Excel 97/2000 file with password for opening?

2.6. What about PDF documents protection?

III. OS passwords

3.1. Can I crack root (supervisor, administrator) password of UNIX (Novell Netware, Windows NT)?

3.2. I don't need to know the exact root (supervisor, administrator) password - I just want to log in to the system with maximal rights.

3.3. I don't have access to the computer and don't have the hash. Is it still possible?

3.4. What about login password in Windows 95?

3.5. Can passwords be decrypted from .PWL files?

3.6. What about MS-DOS login passwords?

IV. Internet passwords

4.1. Can I get dial-up passwords?

4.2. How can I get dial-up password in Windows 95/98/NT?

4.3. How can I get dial-up password in Windows 95/98/NT if I have no rights to login?

4.4. Can I decrypt POP3, FTP, Telnet password in ... application?

V. Strong and weak encryption software

5.1. What archivers provide the best encryption?

5.2. What are strong file encryption tools?

5.3. What tools are known to be not strong?

5.4. What are strong disk encryption tools?

5.5. What cryptographic systems or applications have backdoors?

VI. Password cracker software

6.1. Where can I get the above password crackers? Where can I get the password cracker for ...?

6.2. The password cracker I have found is shareware/commercial. How to crack it?

6.3. I can't find the necessary cracker. What could I do?

6.4. Is there any software that will help me to write my own cracker?

6.5. What is the best (fastest) cracker for ...?

VII. Law

7.1. Is password cracking legal?

VIII. Links and related info.

 


I. Main info

1.1. Where can I get the latest version of this FAQ?

The main URL is http://password-crackers.com/pwdcrackfaq.html.

1.2. What is a "password cracker"?

From [Maximum Security]: A password cracker is any program that can decrypt passwords or otherwise disable password protection. A password cracker need not decrypt anything. In fact, most of them don't. Real encrypted passwords, as you will shortly learn, cannot be reverse-decrypted.

1.3. Why is it possible to crack somebody's password?

There are many reasons why some passwords can be cracked: human factors such as short or easily guessed passwords; use of weak (proprietary) algorithms; export restrictions that prohibit the use of strong cryptography; incorrect use of strong algorithms; and implementation flaws, including backdoors and bugs. This is described in detail in the article "On cryptosystems untrustworthiness".

1.4. What are the main cracking methods?

These methods exploit weaknesses in the cryptographic algorithms and in their implementation.

In the case of an absolutely weak algorithm or a terrible flaw in the implementation, "one-byte patching" may be enough: changing a single byte in the program makes it decrypt correctly without the right password. Surprisingly, such programs still exist.

Weak algorithms, or incorrect use of strong ones, allow other simple password-recovery methods. They vary between applications, but the main idea is to substantially reduce the set of possible passwords on the basis of additional information.

In the case of a secure algorithm (when the attacker can only generate passwords and check them) two main methods exist: brute-force attack and dictionary attack. A brute-force attack is used when there is no additional information about the password: the attacker simply tries all possible passwords - one character, two characters, and so on. To resist this attack the cryptosystem should encourage long, mixed-character passwords and should make password setup (the derivation of the key from the password) deliberately slow, which significantly reduces the brute-force speed.

If the cracker knows that the password is a word, he may use a dictionary attack: only words from a dictionary are tested as password candidates. A dictionary contains fewer than 100,000 words, so they can be tested very quickly - in most cases in a few seconds.

The combination of the two attacks above is known as a "syllable attack". It may be used when the password is a misspelled or non-existent word; the cracker combines syllables to produce such words.

The most powerful attack is the "rule-based attack". It can be used whenever the cracker has some information about the password. For example, he knows that the password consists of a word followed by a one- or two-digit number; he writes the rule and the program generates only suitable passwords (user1, mind67, snapshot99 etc). Another example: he knows that the first letter is upper case, the second is a vowel and the password length is not greater than 6. This information reduces the number of possible passwords by a factor of 20-30. This method subsumes all the others - brute-force, dictionary and syllable attacks.
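The generators below are an added example, not code from this FAQ: they implement the brute-force, dictionary and rule-based candidate sets described above (the two rules are exactly the ones in the paragraph), count how much the "upper case, vowel, length not greater than 6" rule shrinks a mixed-case search, and run the candidates against a check. The check is a constructed unsalted SHA-256 comparison; it stands in for whatever test a real cracker has to perform (archive header check, OS hash comparison and so on). The word list and target passwords are constructed too, and "vowel" is taken to mean a lower-case vowel, which is the reading that gives the 20-30x figure the FAQ quotes.

```python
# Added example (not code from the FAQ): candidate generators for the
# brute-force, dictionary and rule-based attacks of 1.4, plus the keyspace
# reduction of the "upper case, vowel, length <= 6" rule. The target is a
# constructed unsalted SHA-256 hash standing in for the application's own
# password check.
import hashlib
import itertools
import string

LETTERS = string.ascii_letters          # 52 mixed-case letters
LOWER_VOWELS = "aeiou"                  # assumption: "vowel" = lower-case vowel

# Constructed dictionary; a real one has up to ~100,000 entries.
WORDS = ["user", "mind", "snapshot", "secret", "admin"]


def brute_force(charset, max_len):
    """Every string over charset, shortest first (plain brute force)."""
    for n in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            yield "".join(tup)


def dictionary(words):
    """Dictionary attack: each word once, unchanged."""
    yield from words


def word_plus_number(words):
    """Rule 1 from 1.4: a dictionary word followed by a one- or two-digit
    number (user1, mind67, snapshot99)."""
    for w in words:
        for n in range(100):
            yield f"{w}{n}"


def upper_vowel_rule(max_len=6):
    """Rule 2 from 1.4: first letter upper case, second letter a vowel,
    total length at most max_len; any letter in the remaining positions."""
    for n in range(2, max_len + 1):
        for first in string.ascii_uppercase:
            for second in LOWER_VOWELS:
                for rest in itertools.product(LETTERS, repeat=n - 2):
                    yield first + second + "".join(rest)


def keyspace_reduction(max_len=6):
    """Size of the full mixed-case search (lengths 1..max_len) versus the
    candidates admitted by rule 2. Returns (full, ruled, full / ruled)."""
    full = sum(len(LETTERS) ** n for n in range(1, max_len + 1))
    ruled = sum(26 * len(LOWER_VOWELS) * len(LETTERS) ** (n - 2)
                for n in range(2, max_len + 1))
    return full, ruled, full / ruled


def make_oracle(secret):
    """Constructed check: compare SHA-256 digests. In practice this is the
    archive header test, the OS hash comparison, etc."""
    target = hashlib.sha256(secret.encode()).digest()
    return lambda cand: hashlib.sha256(cand.encode()).digest() == target


def crack(candidates, oracle):
    """Run candidates through the oracle; return (password or None, tries)."""
    tried = 0
    for cand in candidates:
        tried += 1
        if oracle(cand):
            return cand, tried
    return None, tried


if __name__ == "__main__":
    oracle = make_oracle("mind67")           # constructed target password
    print("dictionary :", crack(dictionary(WORDS), oracle))
    print("word+number:", crack(word_plus_number(WORDS), oracle))
    print("Ted by rule:", crack(upper_vowel_rule(3), make_oracle("Ted")))
    full, ruled, factor = keyspace_reduction(6)
    print(f"rule 2 shrinks {full:,} candidates to {ruled:,} (x{factor:.1f})")
```

The plain dictionary misses "mind67" while the word-plus-number rule finds it after a few hundred tries; the full brute-force space for the same password (lower-case letters and digits, length 6) is 36^6, about two billion candidates. The keyspace count shows the rule-2 factor of about 20.8 for mixed-case letters, in line with the 20-30 quoted above.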

Finally, some weak algorithms allow a "known-plaintext attack": the cracker has some files or file fragments in un-encrypted form and wants to decrypt others. Strong cryptoalgorithms successfully resist this type of attack - knowing an un-encrypted file gives the cracker nothing.

1.5. What should I do to make my passwords uncrackable?

First, choose software that uses strong cryptography and implements it correctly (see 5.2). Then always choose passwords that are non-words, contain mixed-case letters and digits, and have a reasonable length (not less than 6 symbols). The best way is to use a randomly generated password (if you can remember it). If you can't, don't write the password down on your desk; choose a more convenient one instead (for example, the first letters of your favorite phrase - as long as the cracker doesn't know this phrase!). Never use the same password in different systems or on different internet sites.

II. Application passwords

2.1. Is it possible to crack a ... archive if some of its files are available un-encrypted (or un-compressed)?

It's called a known-plaintext attack (see 1.4). The result depends on the archiver used:

  Archiver                  Known-plaintext attack?
  ------------------------  ------------------------------------------------------------
  ARJ (without -hg option)  Yes, passwords of any length, instantly. You need to know
                            as many bytes of the compressed file as the password length.
  ZIP                       Yes, passwords of any length; you need to know at least
                            13 bytes of the compressed file. May take some hours on a
                            modern PC.
  RAR 1.5x                  Yes, passwords of any length; you need to know 3-4 bytes
                            of the compressed file and then do 2^32 - 2^40 operations,
                            which may take some hours or days.
  RAR 2.x                   Currently no methods are known.
  My favorite archiver      Please send me the info.

Note that all these methods demand knowledge of the compressed file. That is, if you have the uncompressed file, it must be compressed exactly as the original encrypted one was (the same archiver version, the same options etc).

2.2. How can I crack self-extracting archives passwords?

Some programs understand self-extracting archives. If your program does not, just remove the self-extracting header and you will get a normal archive. To do this, read the technical description of the archive format, find the signature the archive begins with, and remove all bytes between the beginning of the file and this signature. You can also find this signature by looking at the first bytes of a normal archive.
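The procedure above, as an added example that is not code from this FAQ: locate the earliest archive signature in the file and drop everything in front of it. The signatures are the bytes each plain archive starts with (ZIP local file header, RAR 1.5-4.x marker block, ARJ header id); the "stub" in the demo is constructed filler in front of a real ZIP built in memory, not an actual self-extractor executable.

```python
# Added example (not code from the FAQ): strip a self-extractor stub by
# locating the first archive signature, as 2.2 describes. The stub in the
# demo is constructed filler, not a real executable.
import io
import zipfile

SIGNATURES = {
    "zip": b"PK\x03\x04",          # local file header: first bytes of a plain .zip
    "rar": b"Rar!\x1a\x07\x00",    # RAR 1.5-4.x marker block
    "arj": b"\x60\xea",            # ARJ header id (only 2 bytes: verify the header after a hit)
}


def find_archive_start(blob):
    """Return (format, offset) of the earliest known signature, or (None, -1)."""
    best = (None, -1)
    for fmt, sig in SIGNATURES.items():
        off = blob.find(sig)
        if off != -1 and (best[1] == -1 or off < best[1]):
            best = (fmt, off)
    return best


def strip_sfx_stub(blob):
    """Drop everything before the archive signature; return (format, archive)."""
    fmt, off = find_archive_start(blob)
    if fmt is None:
        raise ValueError("no known archive signature found")
    return fmt, blob[off:]


def make_constructed_sfx():
    """Constructed sample: an 'MZ' marker and 200 filler bytes, then a real
    (unencrypted) ZIP built in memory. Returns (sfx_blob, plain_zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "constructed sample member")
    plain = buf.getvalue()
    return b"MZ" + b"\x90" * 200 + plain, plain


def member_names(raw_zip):
    """Open the stripped archive with the standard library to prove it parses."""
    with zipfile.ZipFile(io.BytesIO(raw_zip)) as z:
        return z.namelist()


if __name__ == "__main__":
    sfx, plain = make_constructed_sfx()
    fmt, archive = strip_sfx_stub(sfx)
    print(fmt, len(sfx), "->", len(archive), member_names(archive))
```

Two caveats a practitioner will hit: a two-byte signature such as ARJ's can occur by chance inside the stub, so validate the header that follows a hit before trusting it; and a ZIP's central directory stores offsets that count the stub, so after stripping, a tool that does not compensate (Python's zipfile does) needs the offsets adjusted, which is what Info-ZIP's `zip -A` is for.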

2.3. Is it possible to crack Office 95 (Word 6.0-7.0, Excel 5.0-7.0, Access 5.0) passwords?

Absolutely. Passwords of any length can be cracked instantly.

2.4. Is it possible to crack Office 97/2000 passwords?

The fact is that Office 97 encryption (also used in Office 2000) is much stronger than that of Office 95. But:
  1. Access 97 / Outlook 97 passwords can be cracked instantly.
  2. The French version of Office 97 does not provide strong encryption, and its passwords can be recovered without brute-force methods.
  3. Word/Excel read-only passwords, Excel workbook and individual sheet protection, Word document protection passwords and VBA passwords are also not secure and can be recovered instantly.
  4. Only the password for opening in Word/Excel is strong enough. But because of US export regulations Office 97 uses a 40-bit key, so encrypted files can be decrypted without knowing the password in a few days by searching for this key. Some companies offer such a service. But if your files are strictly confidential, you may prefer to do the key search yourself.

2.5. What is the best way to crack Word/Excel 97/2000 file with password for opening?

I recommend spending a reasonable time (1-2 days) trying to crack the password using simple brute-force and dictionary attacks. These will test all simple passwords. If they fail, the password is not so simple, and it's a good idea to switch to the key-search procedure (see 2.4).

2.6. What about PDF documents protection?

The standard security provided by PDF consists of two different methods and two different passwords. A PDF document may be protected by a password for opening (the 'user' password), and the document may also specify operations that should be restricted even when the document is decrypted: printing; copying text and graphics out of the document; modifying the document; and adding or modifying text notes and AcroForm fields (the 'owner' password). The second method is insecure and can be cracked instantly: the restrictions are enforced only by the viewer application, and the content is encrypted under a key derived from the user password (which is often empty), so any program that can decrypt the document can simply ignore the restriction flags. The first method is better, but the key length is 40 bits, which again makes the key-search procedure succeed.

III. OS passwords

3.1. Can I crack root (supervisor, administrator) password of UNIX (Novell Netware, Windows NT)?

All these OSes provide quite reliable password security. The user's password is not stored in plain or encrypted form; only a hash of the password is kept, and you can't restore the original password from this hash. But the strength of the hash functions differs. For UNIX and Windows NT only brute-force attack is known; for Netware you can find a collision very fast (a collision is a different string that hashes to the same value and is therefore accepted as the right password).

3.2. I don't need to know the exact root (supervisor, administrator) password - I just want to login to the system with maximal rights.

Knowledge of the hash value (at least for Netware and Windows NT) lets you log in to (or connect to) the system. If you have physical access to the computer, just change the hash (physically, on the hard disk) to a value you know (for example, calculate the necessary hash for the password "aaa").

3.3. I don't have access to the computer and don't have the hash. Is it still possible?

For Netware 3.x and Windows NT you can capture a real login session and then brute-force the hash (or password). You can also intercept a telnet session to a UNIX computer - if no special tools are installed, you will see the plain password. Novell Netware 4.x uses public-key cryptography and can't be cracked cryptographically. That doesn't mean it can't be cracked otherwise - read the relevant FAQs.

3.4. What about login password in Windows 95?

Have you tried to press "Cancel"?

3.5. Can passwords be decrypted from .PWL files?

For Windows for Workgroups and early Windows 95 this can be done with certainty regardless of password length. Windows 95 OSR2 and Windows 98 use much better encryption, and only brute-force methods are known today. But an undocumented system call exists, and with it you can obtain the password of the current user of the local machine only.

3.6. What about MS-DOS login passwords?

What? There were some old programs that controlled access on MS-DOS computers. They usually used weak schemes and the password could easily be decrypted.

IV. Internet passwords

4.1. Can I get dial-up passwords?

Yes, regardless of the OS being used. Most providers require the password in plain text. Therefore it must be stored in plain or encrypted (not hashed) form and can be decrypted.

4.2. How can I get dial-up password in Windows 95/98/NT?

You need to log in to the computer and use any of the widespread programs.

4.3. How can I get dial-up password in Windows 95/98/NT if I have no rights to login?

It is possible, but no such programs are known.

4.4. Can I decrypt POP3, FTP, Telnet password in ... application?

Yes, for the same reason (see 4.1). All these services in their standard configuration require the plain password from the client. Any client, such as Cute-FTP, FAR, Netscape or Microsoft Mail, The Bat and all others, must keep it in plain or encrypted (not hashed) form.
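The point of 4.1 and 4.4 is that the password has to leave the client in the clear, which also means anyone on the path (the session interception of 3.3) reads it with a trivial parser. As an added example that is not code from this FAQ, here is such a parser run over two constructed session captures, POP3 and FTP, written as reassembled text with ">" for client lines and "<" for server lines. Both protocols use the same USER/PASS verbs; telnet is not handled because it sends the password one keystroke at a time and would need TCP reassembly first.

```python
# Added example (not code from the FAQ): pull USER/PASS credentials out of
# captured POP3 and FTP sessions and check whether the server accepted them.
# The sessions are constructed; ">" marks client lines, "<" server lines.
import re

POP3_SESSION = """\
< +OK POP3 server ready
> USER alice
< +OK
> PASS Winter99!
< +OK alice has 3 messages
> STAT
"""

FTP_SESSION = """\
< 220 ftp.example.test FTP server ready
> USER bob
< 331 Password required for bob
> PASS s3cret-dialup
< 230 User bob logged in
> SYST
"""

# Client lines of the form "USER x" / "PASS y"; verbs are case-insensitive.
_CLIENT_LINE = re.compile(r"^>\s*(USER|PASS)\s+(.*)$", re.IGNORECASE)


def extract_credentials(session_text):
    """Pair each USER with the PASS that follows it; return [(user, password)].
    A PASS with no preceding USER is ignored; a second USER replaces the first."""
    found, user = [], None
    for line in session_text.splitlines():
        m = _CLIENT_LINE.match(line.rstrip("\r"))
        if not m:
            continue
        verb, arg = m.group(1).upper(), m.group(2)
        if verb == "USER":
            user = arg
        elif verb == "PASS" and user is not None:
            found.append((user, arg))
            user = None
    return found


def login_succeeded(session_text):
    """True if the server accepted the first PASS: POP3 answers '+OK',
    FTP answers with reply code 230."""
    lines = session_text.splitlines()
    for i, line in enumerate(lines):
        m = _CLIENT_LINE.match(line.rstrip("\r"))
        if m and m.group(1).upper() == "PASS":
            reply = lines[i + 1] if i + 1 < len(lines) else ""
            return reply.startswith("< +OK") or reply.startswith("< 230")
    return False


if __name__ == "__main__":
    for name, session in (("POP3", POP3_SESSION), ("FTP", FTP_SESSION)):
        print(name, extract_credentials(session), "accepted:", login_succeeded(session))
```

Challenge-response variants (APOP for POP3, CRAM-MD5) keep the password off the wire, but the client still has to store it reversibly to answer the challenge, so the storage argument of 4.1 holds for them as well.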

V. Strong and weak encryption software

5.1. What archivers provide the best encryption?

Among the three most popular archivers - ARJ, ZIP and RAR - RAR 2.x provides the strongest encryption, because it has the slowest brute-force speed and no known-plaintext methods are known. But a possible weakness of RAR 2.x is its own proprietary algorithm, which has never been tested by professional cryptographers.

So if you need a guaranteed strong archiver, you must select one that uses a well-known strong algorithm and implements it correctly. If you know such an archiver - let me know.

NOTE: There are at least two archivers that implement strong algorithms, CuteZip and SBC, but the implementation needs to be tested.

5.2. What are strong file encryption tools?

See above. Strong tools use strong, independently tested algorithms and implement them correctly. The availability of source code is an important factor that can prove this. So PGP certainly is a strong file encryption tool.
Note: There are rumors about the insecurity of modern commercial PGP versions. Recently one flaw in PGP 5.5 and 6.5 has been found. Therefore, I recommend using PGP v. 2.6.2.

(Add more ...)

5.3. What tools are known to be not strong?

A tool has a high probability of being weak if it shows one or more "Snake Oil Warning Signs". You should also read Bruce Schneier's Crypto-GRAM of February 15, 1999. Here is an incomplete list of programs known to be weak:
  • Norton Secret Stuff v 1.0
  • Crypt-O-Text v. 1.21-1.24
  • WinXFiles (up to v. 3.5)
  • Icon Lock-It
  • Encrypt-It for Windows
  • UnBreakable Encryption (UBE) 98
  • File Locker 1.11
  • Package for the Web v. 1.x-3.x
  • MasterKey
Crackers for the above products can be found here. Other great collections of snake oil and crackers for it are on Joe Peschel's site and Suby's site.

(Add more...)

5.4. What are strong disk encryption tools?

The same criteria apply (see 5.1 and 5.2). BestCrypt and PGPDisk are known to be good.

5.5. What cryptographic systems or applications have backdoors?

The best known are the Paradox database and AWARD BIOS.

VI. Password cracker software

6.1. Where can I get the above password crackers? Where can I get the password cracker for ...?

Sites with free crackers:

Sites with commercial crackers/services:

6.2. The password cracker I have found is shareware/commercial. How to crack it?

Cracking programs is illegal in most countries. You are reading the wrong FAQ.

6.3. I can't find the necessary cracker. What could I do?

You could try one of the commercial companies listed above. You could try the FAQ author. Note that writing such a cracker may take a long time; cracking the password may take a very long time; it may be expensive for you; and it may not be possible at all.

6.4. Is there any software that will help me to write my own cracker?

Yes. For example, the Password Cracking Library allows you to write a password cracker with a built-in "rule-based attack" (see 1.4). Its features are: brute force, brute force with static characters, dictionary, dictionary with word modifiers, syllable attacks, misspelled-password recovery (i.e. powerful rule-based attacks), multiple language support, timing and benchmarking functions, and any password length. It's free and supports any OS.

There is also software for writing distributed client-server password-cracking applications.

6.5. What is the best (fastest) cracker for ...?

The best cracker is the one that finds your password. To make that possible, a password cracker should support different attack types and be as fast as possible. Benchmarks and features of different crackers can be found at the Russian Password Crackers site.

VII. Law

7.1. Is password cracking legal?

?

VIII. Links and related info.

