Methods for recovering passwords are often called attacks. With the current version of our software, you can implement three types of attacks.
- Brute-force attack. Such an attack checks all possible variants of a password. You specify the length and character range of the password. It is the most reliable type of attack, but it is also takes the longest time.
- Mask-based brute-force attack. Here you have a greater opportunity to apply rules for generating passwords – you can specify a mask for the password. Such an attack reduces the search time, but it implies that you have some information about the password that makes it possible to specify the mask.
- Dictionary-based attack. Here a limited number of passwords stored in a text file called a dictionary is checked. There is a password on each line in the file, and the program reads and checks them one by one. This is usually the fastest way to recover a password since it is a word that makes sense and can be entered into the dictionary.
Passcovery Suite can attack short encryption keys (40-bit keys used to encrypt Microsoft Excel/Word 97-2000 compatible documents) and nearly instantly decrypt password-protected documents. The application supports two kinds of attack.
- Rainbow table attack. Key search is done among pre-computed values arranged in tables. On average, the entire key-search and data-decryption time is just tens of seconds, and it does not depend on password complexity.
- Encryption key attack. Search is done by direct enumeration of all possible key values (there are 240 of them). Generally, this kind of attack is much faster than password attack.