This is a pre-release version of the FAQ. Please don't distribute it yet. It would be more useful to send me further questions and answers so that I can correct the existing FAQ entries and my English.
v. 0.96
1.1. Where can I get the latest version of this FAQ?
1.2. What is a "password cracker"?
1.3. Why is it possible to crack somebody's password?
1.4. What are the main cracking methods?
1.5. What should I do to make my passwords uncrackable?
2.1. Is it possible to crack ... archive if there are some un-encrypted (or un-compressed) files?
2.2. How can I crack self-extracting archive passwords?
2.3. Is it possible to crack Office 95 (Word 6.0-7.0, Excel 5.0-7.0) passwords?
2.4. Is it possible to crack Office 97 passwords?
2.5. What is the best way to crack a Word/Excel 97/2000 file with a password for opening?
2.6. What about PDF documents protection?
3.1. Can I crack the root (supervisor, administrator) password of UNIX (Novell Netware, Windows NT)?
3.2. I don't need to know the exact root (supervisor, administrator) password - I just want to log into the system with maximal rights.
3.3. I don't have access to the computer and don't have the hash. Is it still possible?
3.4. What about login password in Windows 95?
3.5. Could decrypted passwords be in .PWL files?
3.6. What about MS-DOS login passwords?
4.1. Can I get dial-up passwords?
4.2. How can I get the dial-up password in Windows 95/98/NT?
4.3. How can I get the dial-up password in Windows 95/98/NT if I have no rights to log in?
4.4. Can I decrypt the POP3, FTP or Telnet password in the ... application?
V. Strong and weak encryption software
5.1. What archivers provide the best encryption?
5.2. What are strong file encryption tools?
5.3. What tools are known to be not strong?
5.4. What are strong disk encryption tools?
5.5. What cryptographic systems or applications have backdoors?
6.1. Where can I get the above password crackers? Where can I get the password cracker for ...?
6.2. The password cracker I have found is shareware/commercial. How to crack it?
6.3. I can't find the necessary cracker. What could I do?
6.4. Is there any software that will help me to write my own cracker?
6.5. What is the best (fastest) cracker for ...?
7.1. Is password cracking legal?
The main URL is http://password-crackers.com/pwdcrackfaq.html.
From [Maximum Security]: A password cracker is any program
that can decrypt passwords or otherwise disable password protection. A password
cracker need not decrypt anything. In fact, most of them don't. Real encrypted
passwords, as you will shortly learn, cannot be reverse-decrypted.
There are many reasons that make it possible to crack some passwords. They include human factors such as short or easily guessed passwords, use of weak (proprietary) algorithms, export restrictions that prohibit the use of strong cryptography, incorrect use of strong algorithms, and implementation flaws including backdoors, bugs etc. This is described in detail in the article "On cryptosystems untrustworthiness".
These methods are based on vulnerabilities existing in cryptoalgorithms and their implementations.
In the case of an absolutely weak algorithm or terrible flaws in the implementation, the "one byte patching" method may work: simply changing one byte in the program results in correct decryption without the right password. It is a surprising fact that such programs still exist.
Weak algorithms or incorrect use of strong ones allow other simple methods of password recovery. They vary between applications, but the main idea is a substantial reduction of the set of possible passwords on the basis of additional information.
In the case of secure algorithms (when the attacker can only generate passwords and check them) two main methods exist: the brute force attack and the dictionary attack. The brute force attack is used when there is no additional information on the password and the attacker simply tries all possible passwords: one character, two characters etc. To resist this attack the cryptosystem should encourage long mixed-character passwords and should have a long password setup time, which significantly decreases brute force speed.
If the cracker knows that the password is a certain word he may use the dictionary attack. Then only words from the dictionary are tested as password candidates. A dictionary contains less than 100,000 words, so they can be tested very quickly, in most cases in a few seconds.
The combination of the two attacks mentioned above is known as the "syllable attack". It may be used when the password is a deformed or nonexistent word and the cracker can combine syllables to get such a word.
The most powerful attack is the "rule-based attack". It can be used whenever the cracker obtains some information about the password he wants to crack. For example, he knows that the password consists of a word and a one- or two-digit number. He writes the rule and the program generates only suitable passwords (user1, mind67, snapshot99 etc). Another example: he knows that the first letter is in upper case, the second is a vowel and the password length is not greater than 6. This information can decrease the number of possible passwords by a factor of 20-30. This method includes all the others: brute force, dictionary and syllable attacks.
Finally, some weak algorithms allow the "known-plaintext attack". It means that the cracker has some files or file fragments in unencrypted form and wants to decrypt others. Strong cryptoalgorithms successfully resist this type of attack: the knowledge of an unencrypted file gives the cracker nothing.
First, choose software that uses strong cryptography and implements it correctly (see 5.2). Then always choose passwords that are non-words, contain mixed-case letters and digits, and have a reasonable length (not less than 6 symbols). The best way is to use a randomly generated password (if you can remember it). If you can't, then it is better not to write the password down on your desktop but to choose a more convenient one (for example, it could contain the first letters of your favorite phrase, if the cracker doesn't know this phrase!). You should not use the same password in different systems or for different internet sites.
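The arithmetic behind 1.4 and 1.5, as an added illustration that is not part of the FAQ: it counts the candidates a brute-force, dictionary or rule-based search must try and shows why the FAQ's "upper-case first letter, vowel second, length not greater than 6" rule shrinks the space roughly 30 times. The guessing rate is a constructed figure used only for a rough time estimate.

```python
# Added illustration (not from the FAQ): how password length, alphabet and
# attacker knowledge change the number of candidates a cracker must try.

GUESSES_PER_SECOND = 10_000_000  # constructed assumption, not a measured value

LOWER, UPPER, DIGITS = 26, 26, 10
VOWELS = 5  # a, e, i, o, u
MIXED = LOWER + UPPER + DIGITS  # mixed-case letters plus digits


def brute_force_space(alphabet_size: int, max_len: int) -> int:
    """Candidates tried when every length from 1 to max_len is searched."""
    return sum(alphabet_size ** k for k in range(1, max_len + 1))


def dictionary_space(words: int = 100_000, suffix_digits: int = 0) -> int:
    """Dictionary attack, optionally extended by a rule appending 0..N digits
    (the FAQ's 'word plus a one- or two-digit number' example)."""
    return words * sum(10 ** d for d in range(0, suffix_digits + 1))


def rule_based_space(max_len: int = 6) -> int:
    """The FAQ's second rule example over the MIXED alphabet: first character
    upper-case, second a vowel, remaining characters unrestricted, length <= max_len."""
    total = UPPER  # single-character candidates: only the upper-case rule applies
    for k in range(2, max_len + 1):
        total += UPPER * VOWELS * MIXED ** (k - 2)
    return total


def reduction_factor(max_len: int = 6) -> float:
    """How many times the rule shrinks the full brute-force space."""
    return brute_force_space(MIXED, max_len) / rule_based_space(max_len)


def seconds_to_exhaust(candidates: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed rate."""
    return candidates / rate


if __name__ == "__main__":
    print(f"6 lower-case letters: {seconds_to_exhaust(brute_force_space(LOWER, 6)):,.0f} s")
    print(f"8 mixed chars+digits: {seconds_to_exhaust(brute_force_space(MIXED, 8)) / 86400:,.0f} days")
    print(f"100,000-word dictionary + 2 digits: {seconds_to_exhaust(dictionary_space(100_000, 2)):,.1f} s")
    print(f"Rule 'Upper, vowel, len<=6' shrinks the space {reduction_factor():.1f} times")
```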
It's called a known-plaintext attack (see 1.4). The result depends on the archiver used. Look at the table:

Archiver                  | Result
--------------------------|------------------------------------------------------------
ARJ (without -hg option)  | Yes, passwords of any length, instantly. You need to know as many bytes of the compressed file as the password length.
ZIP                       | Yes, passwords of any length; you need to know at least 13 bytes of the compressed file. May take some hours on a modern PC.
RAR 1.5x                  | Yes, passwords of any length; you need to know 3-4 bytes of the compressed file. Then you need to do 2^32-2^40 operations, which may take some hours or days.
RAR 2.x                   | Currently no methods are known to do it.
My favorite archiver      | Please give me the info.

Note that all these methods demand knowledge of the compressed file. It means that if you have the uncompressed file, it must be compressed exactly as the original encrypted file was (the same archiver version, same options etc).
Some programs understand self-extracting archives. If your program does not, just remove the self-extracting header and you will get a normal archive. To do this you need to read the technical description of the archive format, find the signature the archive begins with, and remove all bytes lying between the beginning of the file and this signature. You could also find this signature by looking at the first bytes of a normal archive.
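The header-stripping step described above, as an added example that is not from the FAQ: it locates the first occurrence of a known archive signature and returns everything from there, so that ordinary archive tools can read the payload. The "self-extracting" input is a constructed sample (a dummy stub glued to an in-memory ZIP), and the caveat in the comments matters in practice: a stub may contain the signature bytes by chance, so always validate the result.

```python
import io
import zipfile

# Leading signatures of two common formats: the ZIP local file header and the
# RAR 1.5-4.x marker block. Used to find where the archive proper starts.
SIGNATURES = {
    "zip": b"PK\x03\x04",
    "rar": b"Rar!\x1a\x07\x00",
}


def strip_sfx_stub(data: bytes, fmt: str) -> bytes:
    """Drop every byte before the first occurrence of the format's signature.

    Caveat: executable stubs can contain the signature bytes by accident, so
    the caller must check that the returned payload actually parses; if it
    does not, search again from offset + 1."""
    sig = SIGNATURES[fmt]
    offset = data.find(sig)
    if offset < 0:
        raise ValueError(f"no {fmt} signature found in {len(data)} bytes")
    return data[offset:]


def build_sample_sfx() -> bytes:
    """Constructed sample, not a real SFX: a fake 'extractor' stub followed by
    a genuine, unencrypted ZIP archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "hello from inside the archive\n")
    stub = b"MZ" + b"\x00" * 126 + b"fake extractor code"  # contains no ZIP signature
    return stub + buf.getvalue()


def list_archive_members(sfx_bytes: bytes) -> list:
    """Strip the stub, then validate by parsing the payload with zipfile."""
    payload = strip_sfx_stub(sfx_bytes, "zip")
    with zipfile.ZipFile(io.BytesIO(payload)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    print(list_archive_members(build_sample_sfx()))  # ['readme.txt']
```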
Absolutely. Passwords of any length can be cracked
instantly.
The fact is that Office 97 encryption (the same is used in Office 2000) is much stronger than that of Office 95. But,
I recommend spending a reasonable time (1-2 days) trying to crack the password using simple brute-force and dictionary attacks. These methods will test all simple passwords. If they fail, the password is not so simple, and it's a good idea to switch to the key-searching procedure (see 2.4).
The standard security provided by PDF consists of two different methods and two different passwords. A PDF document may be protected by a password for opening (the 'user' password), and the document may also specify operations that should be restricted even when the document is decrypted: printing; copying text and graphics out of the document; modifying the document; and adding or modifying text notes and AcroForm fields (using the 'owner' password). The second method is insecure and can be cracked instantly; the first one is better, but the key length is 40 bits, which also makes the key-searching procedure successful.
All these OSes provide quite reliable password security. The user password is not stored in plain or encrypted form. Only a hash of the password is kept, and you can't restore the original password from this hash. But the strength of the hash functions differs. For UNIX and Windows NT only the brute-force attack is known; for Netware you can find a collision very fast (a collision is a string that will be accepted as the right password).
Knowledge of the hash value (at least for Netware and Windows NT) gives you the ability to log in (or connect) to the system. If you have physical access to the computer, just change the hash (physically, on the hard disk) to a value you know (for example, calculate the necessary hash for the "aaa" password):
· for Windows NT (and DOS-port).
· for Novell Netware 3.x
For Netware 3.x and Windows NT you can hijack the real login session and then perform the brute-force search for the hash (or password). You can also intercept a telnet session to the UNIX computer: if no special tools are installed then you will see the plain password. Novell Netware 4.x uses public key cryptography and can't be cryptographically cracked. It doesn't mean it can't be cracked otherwise; read the necessary FAQs.
Have you tried to press "Cancel"?
For Windows for Workgroups and early Windows 95 it can be done with a guarantee regardless of password length. Windows 95 OSR 2 and Windows 98 use much better encryption and only brute force methods are known today. But an undocumented system call exists, and with it you can obtain the password for the current user of the local machine only.
What? There were some old programs that controlled access on MS-DOS computers. Usually they used weak schemes and the password could be easily decrypted.
Yes, regardless of the OS being used. Most providers require the password in plain text. Therefore it must be stored in plain or encrypted (not hashed) form and can be decrypted.
You need to log in to the computer and use any of the widespread programs.
It is possible, but no such programs are known.
Yes. The same reason (see 4.1). All these services in standard configuration require the plain password from the client. Any client, such as Cute-FTP, FAR, Netscape or Microsoft Mail, The Bat and all others, must keep it in plain or encrypted (not hashed) form.
Among the three most popular archivers (ARJ, ZIP and RAR), RAR 2.x provides the strongest encryption, because it has the slowest brute-forcing speed and no "known-plaintext" methods are known. But the possible weakness of RAR 2.x is its own proprietary algorithm. It was never tested by professional cryptographers.
So, if you need the guaranteed strongest archiver then you must select one of the well-known strong algorithms and implement it correctly. If you know such an archiver, let me know.
NOTE: There are at least two archivers that implement strong algorithms, CuteZip and SBC, but the implementation needs to be tested.
See above. Strong tools use strong, independently tested algorithms and implement them correctly. The availability of source code is an important factor that can prove this. So PGP certainly is a strong file encryption tool.
Note: There are some rumors about the insecurity of modern commercial PGP versions. Recently one flaw in PGP 5.5 & 6.5 has been found. Therefore, I recommend using PGP v. 2.6.2.
(Add more ...)
A tool has a high probability of not being strong if it has one or more "Snake Oil Warning Signs". You should also read Bruce Schneier's Crypto-GRAM from February 15, 1999. Here is an incomplete list of programs known to be not strong:
· Norton Secret Stuff v 1.0
· Crypt-O-Text v. 1.21-1.24
· WinXFiles (up to v. 3.5)
· Icon Lock-It
· Encrypt-It for Windows
· UnBreakable Encryption (UBE) 98
· File Locker 1.11
· Package for the Web v. 1.x-3.x
· MasterKey
The crackers for the above products can be found here. Other great collections of snake oil and its crackers are on the Joe Peschel site and the Suby site.
(Add more...)
The same criteria (see 5.1). BestCrypt and PGPDisk are known to be good.
The best known are the Paradox database and the AWARD BIOS.
Sites with free crackers:
· Sorted and benchmarked password crackers for many programs can be found at the Russian Password Crackers site.
· A great collection of crackers is at the Joe Peschel site.
Sites with commercial crackers/services:
· Password-Find - Word and Excel password recovery service.
· Elcom - most Microsoft products, popular archivers etc.
· Passware - most Microsoft products.
· LastBit - most Microsoft products, cracking service.
· AccessData - Microsoft, databases etc.
· Crak Software - Microsoft, databases etc.
· Password Crackers, Inc - password cracking service for a lot of products.
Program cracking is illegal in most countries. You are reading the wrong FAQ.
You could try contacting one of the commercial companies listed above. You could try contacting the FAQ author. Note that writing such a cracker may take a long time. It may take a very long time to crack the password. It may be expensive for you. It may not be possible at all.
Yes. For example, the library that allows you to write a password cracker with a built-in "rule-based attack" (see 1.4) is the Password Cracking Library. Its features are: brute-force, brute force with static characters, dictionary, dictionary with word modifiers, syllable attacks, misspelled password recovery (i.e., powerful rule-based attacks), multiple language support, timing and benchmarking functions, any password length. It's free and supports any OS.
There is also software allowing you to write distributed client-server password cracking applications.
The best cracker is the one that will find your password. To make this possible the password cracker should support different attack types and be as fast as possible. The benchmarks and features of different crackers can be found at the Russian Password Crackers site.