Tuesday, April 20, 2010

Accent Office Password Recovery recovers … guess what?

Have you ever had a Microsoft Office document that was locked and you really needed to unlock it? A friend had this problem a while ago and I might have been able to help had I known about Accent Office Password Recovery (AOPR) published by Accentsoft.

The software mounts one of three types of attacks to "crack" the protection. These attacks are brute force, mask-based and dictionary-based attacks.

A dictionary-based attack tests possible passwords based on a list of possible passwords, and can be very successful when a naïve (or lazy) user has chosen a predictable password.

With AOPR you can use any number of dictionaries and a large number of specialized dictionaries can be downloaded. You can also create your own dictionary; these are just plain text files with one word per line.

AOPR can be configured to try each word along with any or all of the following options: working through all combinations of lower and upper case, interchanging adjacent characters, skipping characters, and appending numeric characters to the word.
Windows Password recovery software

Your next choice is a brute force attack. This involves testing all possible passwords and it's sometimes the only way to recover a password. That said, while this could be considered the most reliable method, it is also the slowest with the actual maximum time required being directly dependent on the computing power of your system and the length of the password you're trying to break.

A mask-based attack combines the power of a brute force attack with a directed search by testing only passwords that meet a specific pattern or mask. This assumes you have some idea what the maximum and or minimum length of the password might be.

For the brute force and mask-based attacks, Accentsoft uses a clever trick: When AOPR finds one or more compatible graphics cards, it can run its cracking algorithms on the Graphics Processor Unit (GPU). Currently, AOPR supports ATI graphics cards with Stream/OpenCL technology (the 4XXX and 5XXX families) and Nvidia graphics cards with CUDA technology (eighth generation GeForce graphics cards and later) which, the company claims, can produce passes (i.e. cracking attempts) at a rate 60 times faster than a regular CPU.

I first tested AOPR using a mask-based attack on a password protected Word 2000 document. My password was five characters long so I created a five character mask and allowed for upper- and lowercase as well as numerics, spaces and symbols, which gave AOPR 7,417,954,634 possible passwords to check. On a Dell XPS 420 (2.39GHz Core2 Quad CPU with 4GB of RAM and an Nvidia GeForce 8800 GT video card) running Windows Vista Ultimate SP2, the estimated maximum solution time with AOPR running at normal priority (you can select a higher or lower priority) was around 22 minutes. The reported password testing rate was 4,560,000 tests per second and a solution was found in about 12 minutes.

I also set up a dictionary attack using a dictionary of 3,163,420 words with all of the dictionary attack options enabled except for adding of numeric characters. This resulted in 46,823,788,660 possible passwords and the performance, as reported by AOPR, was about 580,000 attempts per second with an estimated running time of just under one day (I didn't bother letting it run to completion as my password isn't in any dictionary).


No comments:

Post a Comment


Related Posts Plugin for WordPress, Blogger...