Posts Tagged ‘EDPR’

How to Break 70% of Passwords in Minutes

Tuesday, February 14th, 2017

According to surveys, the average English-speaking consumer maintains around 27 online accounts. Memorizing 27 unique, cryptographically secure passwords is nearly impossible for a person one could reasonably call “average”. As a result, the average person tends to reuse passwords, which means that a single password (or its simple variations) can be used to protect multiple online accounts and services. The same passwords are very likely to be chosen to protect access to offline resources such as encrypted archives and documents. In fact, several independent researches published between 2012 and 2016 suggest that between 59 and 61 per cent of consumers reuse passwords.

Considering how consistent the numbers are between multiple researches carried out over the course of four years, we can safely assume that around 60% of consumers reuse their passwords. How can this data help us break passwords, and how did we arrive to the value of 70% in the title? Read along to find out! (more…)

Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part I)

Wednesday, June 8th, 2016

Investigators start seeing BitLocker encrypted volumes more and more often, yet computer users themselves may be genuinely unaware of the fact they’ve been encrypting their disk all along. How can you break into BitLocker encryption? Do you have to brute-force the password, or is there a quick hack to exploit?

We did our research, and are ready to share our findings. Due to the sheer amount of information, we had to break this publication into two parts. In today’s Part I, we’ll discuss the possibility of using a backdoor to hack our way into BitLocker. This publication will be followed by Part II, in which we’ll discuss brute-force possibilities if access to encrypted information through the backdoor is not available. (more…)

Elcomsoft Distributed Password Recovery Updated with OS X Keychain Support and Enhanced GPU Acceleration

Thursday, November 26th, 2015

We’ve recently updated Elcomsoft Distributed Password Recovery, adding enhanced GPU-assisted recovery for many supported formats. In a word, the new release adds GPU-accelerated recovery for OS X keychain, triples BitLocker recovery speeds, improves W-Fi password recovery and enhances GPU acceleration support for Internet Key Exchange (IKE).

(more…)

Elcomsoft Distributed Password Recovery Video Tutorial

Thursday, February 26th, 2015

Anyone considering the possibility to purchase Elcomsoft Distributed Password Recovery has a wonderful opportunity to explore the program together with Sethioz and get a clearer understanding of how the program works and what requires your special attention when you are using EDPR. This video assumes you are already familiar with basics of password cracking and suggests more information for your convenient work with the tool.

This is a very detailed tutorial showing how to prepare EDPR for work, which includes setting up connection between server and agents via local host or Internet, selecting the right IP address, paying attention to the fact that server’s and agent’s versions should be the same (users often neglect this fact), choosing a task, choosing the right attack options (they are all sufficiently explained), using side monitoring tools, checking your GPU temperature and utilization percentage on all connected computers and so on. So, let’s watch it now.

If you had any questions watching this video or would like to share your own experience using EDPR you are welcome to continue the topic here in comments.

Cracking Wi-Fi Passwords with Sethioz

Wednesday, February 18th, 2015

If you care about password cracking, hardware acceleration or Wi-Fi protection this interview with our friend Sethioz is certainly for you. Being currently a freelance security tester Sethioz kindly shared his experience in cracking passwords using video cards, which in its turn derived from his gaming interest in cards. His personal experience may be very helpful to those whose concern about password cracking is not trivial.

How did it all start or what was the reason to try to find a Wi-Fi password?

There is no short answer to this, if there would be, I guess it would be “curiosity”. I think I got my first computer somewhere in 2002-2003 (my own PC) and ever since I’ve been interested in everything that is not “normal”, such as reverse engineering, debugging, hacking games, cracking password etc. (more…)

Distributed Password Recovery: Faster, Smarter and Cost-Effective

Tuesday, February 3rd, 2015

We have just released a long-awaited update to one of our flagship products, Elcomsoft Distributed Password Recovery. While you can learn more about what’s been added and changed from our official announcement, in this post we’d like to share some insight about the path we took to design this update. (more…)

ElcomSoft Breaks Passwords Faster with NVIDIA Tesla K20 Acceleration

Tuesday, February 5th, 2013

We have just updated Advanced Office Password Recovery and Distributed Password Recovery with NVIDIA Tesla K20 support, enabling world’s fastest password recovery with NVIDIA’s latest supercomputing platform. Elcomsoft Advanced Office Password Recovery removes document restrictions and recovers passwords protecting Microsoft Office documents, while Elcomsoft Distributed Password Recovery can quickly break a wide range of passwords on multiple workstations with near zero scalability overhead.

GPU-accelerated password recovery dramatically reduces the time required to break long and complex passwords, offering more than 20-fold performance gain over CPU-only operations (compared to a quad-core Intel i7 CPU). NVIDIA’s latest Tesla K20 platform further increases the performance, delivering a nearly 1.5x performance increase compared to the use of a dual-core NVIDIA GeForce GTX 690 board.

A workstation equipped with an NVIDIA Tesla K20 unit can crunch as many as 27500 Office 2007 passwords per second, or 13500 passwords per second in the case of Microsoft Office 2010. In comparison, the next-best solution, a dual-core GeForce GTX 690 board, can try some 19000 Office 2007 or 9000 Office 2010 passwords per second.

The updated Elcomsoft Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery now fully support the latest NVIDIA supercomputing hardware, enabling users to gain unrestricted access to many types of documents in far less time.

ElcomSoft Breaks Into MS Office 2013

Wednesday, September 26th, 2012

ElcomSoft has recently updated two products recovering Microsoft Office passwords with Office 2013 support. Elcomsoft Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery received the ability to recover plain-text passwords used to encrypt documents in Microsoft Office 2013 format. Initially, we are releasing a CPU-only implementation, with support for additional hardware accelerators such as ATI and NVIDIA video cards scheduled for a later date.

Stronger Protection

In version 2013, Microsoft used an even tighter encryption compared to the already strong Office 2010. To further strengthen the protection, Microsoft replaced SHA1 algorithm used for calculating hash values with a stronger and slower SHA512. In addition, the encryption key is now 256 bits long, while the previous versions of Microsoft Office were using ‘only’ 128 bits. While the length of the encryption key has no direct effect on the speed of password recovery, the slower and stronger hash calculation algorithm does. It’s obvious that Microsoft is dedicated to making subsequent Office releases more and more secure.

No Brute Force

While we continue supporting brute force attacks, brute force becomes less and less efficient with every new release of Microsoft Office even with full-blown hardware acceleration in place. Office 2013 sets a new standard in document encryption, pretty much taking brute force out of the question. This is why we continue relying on a variety of smart attacks that include a combination of dictionary attacks, masks and advanced permutations. Brute-forcing SHA512 hashes with 256-bit encryption key is a dead end. Smart password attacks are pretty much the only way to go with Office 2013.