Password Recovery Software
by Wilf Hey

FOR
The service that Elcomsoft provides for password recovery is full, profound and unique: several independent but similar Windows programs incorporating specialist knowledge about passwords used in common commercial packages and systems, designed to help in the recovery of lost passwords, using several appropriate methods, and links onward to Internet sites for further help.
AGAINST
Of course the very existence of specialist knowledge to crack password control is a threat to security. In legitimate use these programs provide a valuable (if seldom used) service - but of course they can be obtained and misused by people who have no legal interest in information secured by password. In addition it should be noted that though the cost of these programs is very reasonable, an activity such as password recovery is unlikely to be anticipated during budget planning. Individual programs from the suite may have to be purchased for seldom or even one-time use.
VERDICT
Knowing that these programs exist is indeed valuable, even though it is unlikely that many will immediately rush to buy licenses for a selection of them. They are instantly available in trial versions (on demonstration CD or downloaded from the Internet) and full licenses can be instituted quickly and easily. In most cases there is a reduced price for a personal license - yet the cost of a corporate license itself is very reasonable. Only a little specialist knowledge is required.

Occasionally security measures can backfire, and a person with legitimate interest in access to data may find themselves thwarted with ‘too much’ security: a password is needed, but it has been lost. This can of course happen because of several reasons: the normal password holder is ill or has left employment without unlocking some documents; the normal password holder is on holiday or otherwise beyond contact; old data or an old document has been found for which the password has been forgotten; the anticipated password does not work (perhaps because of an incorrect or variant spelling).

It is surprising how many separate programs employ passwords, and often in different ways. The proper use of a secret password often provides an adequate level of security to cover access, authorization and non-repudiation issues; but this depends on a user having sole possession of a password. Sometimes, though, it is necessary for another to know a password, usually when things have gone wrong, and so security must be stripped away to give, for example, an administrator access to files when the password has become lost.

Elcomsoft have specialized in gathering techniques to recognize passwords hidden or encoded within a document, and distilled these into programs that can be used by interested parties. In the majority of cases it seems that the password is hidden - or can be deduced - from reference to certain parts of the protected file, and the relevant password recovery program has no need of clues, patterns or informed guesses. In these cases the correct password can be established instantly.

Among the applications that (optionally) use their own passwords are archiving programs such as PKZip, ACE, ARJ and RAR, along with their Windows incarnations, WinZIP, WinACE, WinARJ and WinRAR. In addition there are routines to generate and use such archives, integrated into other programs. The program offered, given one of these archives, features a controllable search wherein you can prescribe the known or suspected password (for example, certain columns numeric and others alphabetic). If you select ‘brute force’ method it will search and try all possible passwords, automatically advancing until successful. (For ZIP files, for example, it is able to generate and test ten million passwords a second on a Pentium II.)

Another password recovery program will recover passwords to specific files or documents created within Microsoft Office (versions 96, 97 and 2000) by its Word, Excel, Access, Outlook, Money, PowerPoint, Project, Visio, Backup, Schedule Plus, and Mail applications. Most of these are retrieved instantly - no search and trial required. The ‘password to open’ in Word and Excel (versions 97 and 2000) need a ‘brute force’ or informed attack, but can handle about five million trials per second on a Pentium II. In Access it can find both the ‘user level’ and ‘owner info’ passwords, and can unset password protection on protected Visual Basic for Applications (VBA) programs.

Another program is dedicated to cracking the passwords used with instant messengers: AOL, Yahoo!, MSN Messenger, Excite Messenger, Excite, Praise, T-Online, Match, Odigo, Powwow, Prodigy, Praize, ScreenFIRE, Tiscali, Trillian and AT&T IM Anywhere are among the messengers that will yield up their passwords to this program - instantly! Yet another deals with Microsoft Outlook Express, recovering server name, login and password for all mail and news accounts, and passwords to identities. These are all yielded instantly, without any search or hints or guesswork needed. The current version works for all versions of Outlook Express. The program that deals with Microsoft Internet Explorer (which is appropriate for versions from 3 to 6) recovers passwords to web sites saved in a local password list, and AutoComplete strings connected with Form fields. It can also reset Content Advisor Passwords.

Of a different nature altogether is a program that searches for passwords in Windows NT, 2000 or XP systems. Though it can be used to find lost passwords, just like the others, its main use should be to test the integrity of the security imposed on a system. It analyses password hashes (which can be retrieved by hackers from Registry or memory - and even from remote machines) and tries to recover plaintext passwords. There are several other programs available, including ones to locate passwords within files created within Intuit Quicken, Acrobat and Lotus SmartSuite, Symantec ACT! and WordPerfect (including QuattroPro and Paradox). A single program is devoted to recovering login and password information recorded locally in most of the popular email clients, including @nyMail, Calypso mail, Eudora, FoxMail, IncrediMail, Microsoft Internet Mail and News, Netscape Navigator/Communicator Mail, Pegasus Mail, Phoenix Mail, QuickMail Pro and TheBat!.