Why Password Recovery?

Password recovery is a legitimate requirement for many organizations and individuals. The reasons for needing to recover a password vary depending on the circumstance, but can include:

  • The simple mistake of forgetting the password to an important document or file. Many document formats including Microsoft Word (doc, docx), Microsoft Excel (xls, xlsx) and pdf’s are a few examples of document formats that have the ability to be locked by a password. Other file types that can be encrypted with passwords are compressed archives such as zip files and rar files.
  • Perhaps a former employee password protected documents that the business requires, and for whatever reason getting the password from the individual is no longer possible.
  • During a penetration test (an aggressive security audit of a computer network) the penetration tester would be doing their best to get the hands on passwords whether they are for password protected files or to gain access to computer systems.

When recovery of a password can affect the businesses bottom line it pays to have an understanding of the art of password recovery. Different versions of products (such as the Microsoft Office Suite) can significantly affect the difficultly in being able to recover the required password. A hash type such as MD5 while commonly used in the past is relatively easy to break (through brute force matching of the computed hashes).

Cracking and Decrypting Passwords

Password recovery has a wealth of jargon that can mean the same thing or very different things depending on the password breaking technique being used. Decrypting, decoding and brute forcing are all different ways that a password can be attacked. In the end the correct technical phrase does not matter when you just want to get the password to your locked up XLS budget!

A few years ago the first seeds of this project were planted. It began when I fired up my gaming NVIDIA (GPU) video card and started computing hashes using the GPU. It was amazing to see the rate at which hashes could be generated using the GPU when compared to the CPU. Since then I have expanded building a lab with a number of hefty NVIDIA based GPU’s and have played with EC2 GPU instances in the Amazon cloud.