Password forensic | no password is secure

Everybody looses a password in his life. Well poop is you do, but i checked the best tools to recover multiple files that was password protected. ….. and yes my own files!

Most passwords in files used in PDF,ZIP,7Zip,Office and some more

I get some PDF and ZIP in the old standard encryption on test.

PDF: 128 bit RC4

ZIP:  2.0

Any way before we talk to much. Passware was given me a 1 month serial for the Forensic Studio to test it.  Here a nice screenshot …


My aim was to get the best tool that supports speed. So the TOP TEN of Recovery tools are

  1. Passware Forensic Studio  ~ arround 1000 $ but it has 5 clients included. Extra clients arround 100$ per client.
  2. Elcomsoft provides lots of tools we choose the Bundle included 20 clients. Price arround 5000€ !!!

So we can save cash if we wanna buy a recovery tool. Passware 1000$ + 20 clients = 3000$

So the rest of the tools comes later, first i have to explain a recovery. Don´t waste your money.

The Password

If you set a password under 6 chars it can be recovered in minutes. So for all that are sure you used just 6 chars grab some FREEWARE!

The Algo how the password is secure is needed as information. If you have a password like 12345 and hash the password with MD5 it takes a little bit longer to recover it. With a SHA-512 it takes f*ck*ng long time, you can be lucky if you can recover it with good GPU´s.

So next step is what kind of encryption is applied too?! If we talk about DES it doesnt matter, but if  AES comes into the game it is a huge differents.

For example we mix SHA512 and AES256 together its a GAME OVER for now. But outside are some weaker mixes.

You are not lost if you want to take a peek in your file, that’s why i tested some tools 🙂

Anyway…. a crypto is just math and can be recovered, but it needs more time. The solution called cluster or cloud cracking it isn’t new. You can also rent EC2 Amazon to crack things.

This setup is a hell-raiser….

Master Server: 2X Intel 16 Cores – 256GB RAM – 4X Nvidia or ATI GFX card´s. The price is arround 8000€ included HDD and stuff.

Clients: just more cores as possible… and a quad SLI Nvidia… the Ram doesnt matter.. 8-16GB.

Open the HELL DOORS use EC2 with 150 Cores and a bunch of GPU power! Ohhh the price isn’t cheap… try to get some 20-30K $ together 🙂

So don’t invest much money into a recovery tool… if you need it ok spend max. 20€/$ for it. The rest can be done by Freeware!

Continue the TOP TEN: 3. low budget application´s and 4. FREEWARE

Facts on my Rig´s local just low budget….. In 1 hour i checked 62 trillions of password´s with a brute force attack.


If you need help… use the contact button 🙂


Dieser Beitrag wurde unter Passwords abgelegt und mit , , , , , , verschlagwortet. Setze ein Lesezeichen auf den Permalink.