And now…. we have Rainbow Tables for Microsoft Excel docs with 40-bit encryption. So, it became possible to reach near-instant recovery of 97% of spreadsheets created in MS Excel 97-2003. Unfortunately, due to specificity of Excel spreadsheets format it’s unreal to get 100%-recovery, still, you can use brute force to cover the rest 3%.  

According to CNET News, Office 14 technical preview will be available in Q3, and release version in the first half of 2010; Office 2010 will come in both 32-bit and 64-bit versions.

Strong passwords are mutated passwords. Everyone who publishes recommendations on creating secure password says that you have to use both upper- and lower-case letters and inject some tricky special characters. Such recommendations may result in p@$$words and pAsswOrds, and p_a_s_s_w_o_r_d_s. The fact is that modern password recovery software uses dictionary attack to get one’s password back. Dictionary attack means searching lists of dictionary words and common phrases that can be found on the Internet or delivered with the software. It is easy to grab that dictionary words and word phrases make bad passwords, but one has to understand that adding special characters to these words and phrases does’t do them any good. Such password can be easily cracked when smart mutations option is on. 

You should be aware that Distributed Password Recovery and Wireless Security Auditor work not only with NVIDIA GeForce cards and Tesla supercomputers (in terms of GPU acceleration), but with professional Quadro cards, too. We never compared the performance of GeForce and Quadro, though. Curious? Then read the Nvidia Quadro FX 4800: Workstation Graphics At Its Finest? article published at Tom’s Hardware today.

In case if you missed it: new ATI Catalyst drivers (9.4) now available (you can read the release notes for details). For some reason, some driver files have been renamed (well, not in 9.4, but in 9.3 released a bit earlier, though that version was really buggy and we cannot recommend to use it anyway), and our WPA password recovery (audit) software was not able to recognize Radeon cards anymore.

You’re probably aware that our Distributed Password Recovery works with Lotus Notes ID files (as well as with two dozen other file formats, of course). Some sad news: in latest versions of Notes (8.5), encryption has been improved. In older versions, only 64-bit and 128-bit RC2 options were available, but now you can also use AES (128-bit or 256-bit). Well, encryption itself does not actually matter, but the problem is that password verification routine is not much better (worse?) as well: 5,000/10,000 SHA-1 cycles have been added. EDPR will be updated accordingly to support new format (you can subscribe to our mailing list to be notified), of course, but don’t expect the high recovery speed: we can get several hundred passwords per second only. For older versions of Notes, the speed was ~100,000 passwords per second or higher.

Looks like a very good system for password cracking (using GPU-accelerated Elcomsoft Distributed Password Recovery), isn’t it? Especially assuming that even single GeForce GTX 295 is faster than Intel Octa-Core CPU (to be released later this year).

Fresh life experience…A very good friend of mine told me a story I would like to share with you with her kind permission. Recently she has found a new job in a medium size company. She was perfectly satisfied with her new position and new tasks. She also got a well equipped working place including her principal tool for work – computer, which actually she inherited from an ex-employee who lately moved to another company. The company could have bought her a new computer, but what for, if there was working one absolutely ownerless. Windows XP already installed along with numerous useful applications, even her favorite Safari was there.

Today morning ElcomSoft announced a new tool for password recovery. This one is a hardware, a supernatural amulet of Siberian shamans. Password Recovery Tambourine appears in 4 editions: Pentagon, Glamourous, Russian and Open Source. This hardware requires a special 15-month training with authentic Yakutsk shaman guild. However, if you are patient enough to spend a year and a half in Siberia and not afraid of permanent frost there, then after the training no password would be strong enough for you. You’ll crack it in seconds with your preferable edition of Password Recovery Tambourine. Cultural note The idea of creating Password Recovery Tambourine grew out of the popular belief between Russian system administrators that when nothing else helps you have to rest your hopes on dancing with a ‘BU-BEN (Russian for ‘tambourine’). They say, dancing with a tambourine helps to reanimate one’s server, find bugs, set up operational system and what not. Implementation of this belief to password recovery was not easy, at least 200 ritual dances have been performed during the development stage. Finally,