Password Recovery/Cracking FAQ
- 1.1. Where can I get the latest version of this FAQ?
- 1.2. What is a "password cracker"?
- 1.3. Why is it possible to crack somebody's password?
- 1.4. What are the main cracking methods?
- 1.5. What should I do to make my passwords uncrackable?
- 2.1. What is the difference between password, key and hash?
- 2.2. How difficult is it to crack keys of different length?
- 2.3. How can I estimate time needed to use brute-force for passwords of a certain length?
III. Application passwords
- 3.1.1. Is it possible to crack (ARJ, ZIP, RAR etc) password instantly?
- 3.1.2. How to recover ZIP passwords?
- 3.1.3. How to recover RAR passwords?
- 3.1.4. How to recover ARJ passwords?
- 3.1.5. Is it possible to crack archives if there are any un-encrypted (or un-compressed) files?
- 3.1.6. How can I recover self-extracting archives passwords?
- 3.2.1. Is it possible to crack Office 95 passwords?
- 3.2.2. Is it possible to recover Office 97/2000 passwords?
- 3.2.3. What is the best way to decrypt Word/Excel 97/2000 file with password for opening?
- 3.2.4. Is it possible to recover Office XP/2003 passwords?
- 3.2.5. What is the best way to crack Word/Excel XP/2003 file with password for opening?
- 3.3.1. What about PDF documents protection?
IV. Operating systems passwords
- 4.1.1. How can I log into a Windows NT/2000/XP/2003 computer without knowing the administrator's password?
- 4.1.2. How can I bypass the administrator's password in the NT/2000/XP/2003 domain?
- 4.1.3. How can I crack a password in Windows 95/98/Me?
- 4.1.4. How can I crack a password for Windows shared resources?
- 4.1.5. I don't have access to the computer. Is it still possible to crack the administrator's password?
- 4.2.1. How can I log into a Linux computer without knowing the root password?
- 4.2.2. What is the encryption-system used in Novell Netware and is it possible to crack it?
- 5.1. Can I get dial-up passwords?
- 5.2. Can I decrypt ICQ, POP3, FTP, Telnet password in ... application?
- 5.3. How can I crack password for e-mail, www-server etc?
- 6.1. What archivers provide the best encryption?
- 6.2. What are strong file/disk encryption tools?
- 6.3. What tools are known to be not strong?
- 6.4. What cryptographic systems or applications have backdoors?
- 7.1. Where can I get the above password recovery? Where can I get the password recovery for ...?
- 7.2. The password recovery I have found is shareware/commercial. How to crack it?
- 7.3. I can't find the necessary cracker. What could I do?
- 7.4. Is there any software that will help me to write my own cracker?
- 7.5. What is the best (fastest) cracker for ...?
- 8.1. Is password recovery legal?
I. Main info
1.1. Where can I get the latest version of this FAQ?
The main URL is http://password-crackers.com/pwdcrackfaq.html.
1.2. What is a "password cracker"?
A password cracker is any program that can decrypt passwords or otherwise
disable password protection (e.g. decrypt a file without knowing the password).
If the password-protection mechanism uses weak encryption, it is possible
to recover the original password or to pick a new one that is accepted as correct.
Otherwise, password crackers fall back to brute force, trying word after word,
often at high speed.
1.3. Why is it possible to crack somebody's password?
There are many reasons that make it possible to crack some passwords. They
include human factors such as short or easily guessed passwords, the use of weak
(proprietary) algorithms, export restrictions that prohibit the use
of strong cryptography, incorrect use of strong algorithms, and implementation
flaws including backdoors, bugs etc. This is described in detail in the article
1.4. What are the main cracking methods?
These methods are based on vulnerabilities in cryptoalgorithms
and their implementations.
In the case of an absolutely weak algorithm or terrible flaws in the implementation
the "one byte patching" method may apply: simply changing one
byte in the program results in correct decryption without the right password.
Surprisingly, such programs still exist.
Weak algorithms, or incorrect use of strong ones, allow other simple
methods of password recovery. They vary between applications, but the
main idea is a substantial reduction of the set of possible passwords on the basis of
In the case of secure algorithms (when the attacker can only generate passwords
and check them) two main methods exist: the brute-force attack and the dictionary
attack. The brute-force attack is used when there is no additional information
about the password: the attacker simply tries all possible passwords of one character,
two characters and so on. To resist this attack the cryptosystem should encourage
long, mixed-character passwords and should have a long password setup time
that significantly lowers the brute-force speed.
If the cracker knows that the password is an ordinary word, he may use the dictionary
attack. Then only words from a dictionary are tested as password candidates.
A dictionary contains fewer than 100,000 words, so they can be tested
very quickly, in most cases in a few seconds.
The combination of the two attacks mentioned above is known as the "syllable attack". It
may be used when the password is a deformed or non-existent word, and the cracker
combines syllables to generate such words.
The most powerful attack is the "rule-based attack". It can be used whenever
the cracker has some information about the password he wants to crack.
For example, he knows that the password consists of a word and a one- or two-digit
number. He writes the rule and the program generates only suitable passwords
(user1, mind67, snapshot99 etc). Another example: he knows that the
first letter is upper case, the second is a vowel and the password length is not
greater than 6. This information reduces the number of possible passwords
by a factor of 20-30. This method subsumes all the others: brute-force, dictionary
and syllable attacks.
Finally, some weak algorithms allow the "known-plaintext attack". It means
that the cracker has some files or file fragments in unencrypted form and wants
to decrypt others. Strong cryptoalgorithms resist this type
of attack: knowledge of an unencrypted file gives the cracker nothing.
1.5. What should I do to make my passwords uncrackable?
First, choose software that uses strong cryptography and implements it correctly (see 6.2).
Then always choose passwords that are not words,
contain mixed-case letters and digits, and have a reasonable length (not less
than 6 symbols). The best way is to use a randomly generated password (if you
can remember it). If you can't, it is better not to write the password down on your desktop
but to choose a more convenient one (for example, it could consist of the first letters
of your favourite phrase, provided the cracker doesn't know this phrase!). You should
not use the same password in different systems or for different internet sites.
II. Some theory
2.1. What is the difference between password, key and hash?
These terms, which are entirely different in cryptography, are often mixed up. A password is the
word, word combination or meaningless character string that we enter in answer to some program's request. However, programs
do not use passwords for encryption directly; they derive keys from them. Encryption keys are bit strings (of 0s and 1s)
of various lengths; 40-, 64- and 128-bit keys are the most widely used. So, to decrypt anything you need to know either
the password or the key itself.
To get a key from a password a hashing operation is often used. Hashing is a rather complicated cryptographic function which takes a string of any length as input and produces a bit string of fixed length (the hash) as output. It has two main characteristics: even a minor change of the input string completely changes the output hash value, and it is practically impossible to find the input string knowing only the hash value.
2.2. How difficult is it to crack keys of different length?
The longer the key, the more difficult it is to crack. For example, a 40-bit key can be easily cracked within a couple of days by anyone using brute force on a modern home computer. But to crack a 64-bit key you need to join the power of many computers over the internet, and the whole process takes some months. As for 128-bit keys, no one can crack them at all: neither all the computers in the world working at once, nor Microsoft or the FSB (provided they have no new secret technologies unknown to public science).
2.3. How can I estimate how long it will take to brute-force passwords of a certain length?
Quite simply. Work out how many different symbols could have been used in the password (only lower-case latin letters: 26; digits too: 36; see the table below), raise it to the power of the password length, and you get the number of all possible candidates for brute force. Then divide this number by the brute-force rate. To find this rate you can run the cracker on some test file. If you use n computers, divide the result by n as well.
Table. Quantity and time for brute-force on one computer at a rate of about 1 million passwords per second.
(Only the character-set column survived extraction; the per-length time columns are lost.)

  character set                                                    | number of symbols in the set
  lower-case latin letters                                         | 26
  lower-case latin letters and digits                              | 36
  lower- and upper-case latin letters and digits                   | 62
  lower- and upper-case latin letters, digits and special symbols  | (depends on which symbols are counted)

Two time cells survived: "100 million years" in the mixed-case letters and digits row and "more than the Earth exists" in the last row; the password lengths they belong to were lost.
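Added example (not from the FAQ): the estimate from 2.3 and the rule-based reduction from 1.4 carried out in Python. The character-set sizes follow the table; the 94-symbol size for the last row, the 1 million passwords per second rate and the password lengths 6-12 are assumptions of this example.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character-set sizes from the FAQ's table. The 94 for the last row is an
# assumption of this example (62 alphanumerics plus the other printable
# ASCII characters, space excluded); the FAQ does not give that number.
CHARSETS = {
    "lower-case latin letters": 26,
    "lower-case latin letters and digits": 36,
    "lower- and upper-case latin letters and digits": 62,
    "lower- and upper-case latin letters, digits and special symbols": 94,
}


def keyspace(set_size, length, up_to=False):
    """Candidates of exactly `length` symbols, or of every length from 1 to
    `length` when `up_to` is set (a brute-force run tests the short ones
    first, so the cumulative count is what actually gets checked)."""
    if up_to:
        return sum(set_size ** n for n in range(1, length + 1))
    return set_size ** length


def rule_keyspace(per_position_sizes):
    """Candidates for a rule that fixes the allowed symbol set per position,
    e.g. [26, 5, 52, 52] = upper-case letter, lower-case vowel, any letter."""
    total = 1
    for size in per_position_sizes:
        total *= size
    return total


def reduction_factor(max_length):
    """How much the FAQ's example rule (first letter upper case, second a
    lower-case vowel, letters only, length not greater than max_length)
    shrinks the search compared with plain brute force over all 52 letters."""
    plain = keyspace(52, max_length, up_to=True)
    ruled = sum(rule_keyspace([26, 5] + [52] * (n - 2))
                for n in range(2, max_length + 1))
    return plain / ruled


def seconds_to_crack(candidates, rate, computers=1):
    """Worst-case time at `rate` passwords per second, split over `computers`."""
    return candidates / (rate * computers)


def years_to_crack(candidates, rate, computers=1):
    return seconds_to_crack(candidates, rate, computers) / SECONDS_PER_YEAR


def brute_force_table(rate=1_000_000, lengths=(6, 8, 10, 12)):
    """Rebuild the FAQ's table: worst-case years per character set and length
    on one computer at `rate` passwords per second."""
    return {name: {n: years_to_crack(keyspace(size, n), rate) for n in lengths}
            for name, size in CHARSETS.items()}


if __name__ == "__main__":
    for name, row in brute_force_table().items():
        cells = "  ".join(f"len {n}: {yrs:9.3g} y" for n, yrs in row.items())
        print(f"{name:<66} {cells}")
    print(f"rule-based reduction for length <= 6: {reduction_factor(6):.1f}x")
```

At one million passwords per second the 12-symbol mixed-case alphanumeric entry comes out at about 100 million years, which matches the one time cell that survives in the FAQ's table for that row.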
III. Application passwords
3.1. Archives passwords.
3.1.1. Is it possible to crack ARJ, ZIP, RAR etc password instantly?
No. The archive password is not stored anywhere in the archive, so you can't extract it or patch the archiver program
to skip the password request. Archivers usually encrypt already compressed files (rather than compressing encrypted ones)
and store their checksum (CRC). On extraction the file is decrypted, decompressed and its checksum is verified.
3.1.2. How to recover ZIP passwords?
Zip archivers (PKZIP, WinZip versions up to 8.0) use their own encryption algorithm, which is not strong. This causes
two practical vulnerabilities. Firstly, a known-plaintext attack is always possible (one unencrypted file from
the archive is needed). Secondly, if the archive was created with WinZip (up to version 8.0 only) or Info-ZIP and contains
5 or more files, the archive can be decrypted with guarantee regardless of password length and complexity.
Both attacks take just a couple of hours on a modern computer. The latest WinZip versions have an option for
the strong AES algorithm; in that case the attacks above are inapplicable and only brute force can be used.
Modern ZIP password crackers should support all these attacks.
3.1.3. How to recover RAR passwords?
RAR/WinRAR version 2.x used a proprietary but rather strong encryption algorithm. At least
no attacks on RAR 2.0 were known except brute force.
Starting from version 3.0, RAR uses the strong AES algorithm, which allows no attack more effective
than brute force. Besides, the encryption is implemented so that the brute-force speed on a modern computer is very low,
about 100 passwords per second. It follows that RAR 3.x is the strongest of the popular encryption
systems with respect to brute force. This means you cannot
recover a RAR password longer than 6-7 symbols if you have no information
about the password.
3.1.4. How to recover ARJ passwords?
The ARJ archiver uses a very weak encryption algorithm: it just XORs the password with the compressed file.
That's why, if you have only one unencrypted file from the archive, the password for this archive can be found instantly.
The ARJ encryption system has other weaknesses too. For example, the first 3 characters of the password can be found without exhaustive search,
and password testing is very fast, so passwords of up to 12-14 characters can be cracked.
3.1.5. Is it possible to crack archives if there are any un-encrypted (or un-compressed) files?
This is the known-plaintext attack (see 1.4). The result depends on the archiver used. Look at the table
(the archiver column was lost in extraction; the ARJ and ZIP labels are restored from 3.1.4 and 3.1.2):

  archiver               | result
  ARJ                    | Yes, passwords of any length, instantly. You need to know as many bytes of the compressed file as the password length.
  ZIP                    | Yes (if no AES encryption is used), passwords of any length; you need to know at least 13 bytes of the compressed file. May take some hours on a modern PC.
  (name lost)            | Yes, passwords of any length; you need to know 3-4 bytes of the compressed file. Then you need 2^32-2^40 operations, which may take some hours or days.
  Your favorite archiver | Please give me an info

Note that all these methods require knowledge of the compressed file. This means that if you have the uncompressed file, it must be compressed exactly as the original encrypted file was (the same archiver version, same options etc).
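Added example (not the FAQ's code, and a simplified model rather than ARJ's real file format): a repeating-key XOR "encryption" of the kind the FAQ describes for ARJ in 3.1.4, with the known-plaintext check from the table above. It shows why the password comes back exactly when at least as many plaintext bytes as the password length are known, and why a shorter known prefix is not enough. The sample data and password are constructed.

```python
def xor_with_password(data: bytes, password: bytes) -> bytes:
    """Simplified model of the scheme the FAQ attributes to ARJ: every byte of
    the compressed data is XORed with the password, repeated cyclically.
    The same call decrypts, because XOR is its own inverse."""
    if not password:
        raise ValueError("password must not be empty")
    return bytes(b ^ password[i % len(password)] for i, b in enumerate(data))


def recover_key_stream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext step that works against any XOR scheme: at every
    position where the plaintext is known, cipher XOR plain is the key byte.
    Here the known bytes are a prefix of the (compressed) file."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def infer_period(key_stream: bytes) -> int:
    """Smallest period consistent with the recovered key bytes. Reliable only
    when the known prefix is longer than the password; with fewer bytes the
    shortest consistent period is just the prefix length (see the test)."""
    n = len(key_stream)
    for period in range(1, n + 1):
        if all(key_stream[i] == key_stream[i - period] for i in range(period, n)):
            return period
    return n


def recover_password(ciphertext, known_plaintext, password_length):
    """The FAQ's condition for the ARJ row: the password is recovered exactly
    when at least password_length bytes of the compressed file are known.
    Returns None when the known prefix is too short."""
    stream = recover_key_stream(ciphertext, known_plaintext)
    if len(stream) < password_length:
        return None
    return stream[:password_length]


def demo():
    # Constructed sample data standing in for a compressed archive member.
    compressed = b"constructed-compressed-payload-for-the-demo"
    password = b"s3cret!"
    ciphertext = xor_with_password(compressed, password)
    # Enough known bytes (7 = password length): the password comes back exactly.
    full = recover_password(ciphertext, compressed[:7], len(password))
    # Too few known bytes (5): only part of the key stream, so no result.
    partial = recover_password(ciphertext, compressed[:5], len(password))
    return full, partial


if __name__ == "__main__":
    print(demo())
```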
3.1.6. How can I recover self-extracting archives passwords?
Some programs understand self-extracting archives. If your program does not, just remove the self-extracting header and
you get a normal archive. To do this, read the technical description of the archive format, find the
signature the archive begins with, and remove all bytes between the beginning of the file and this signature. You can
also find this signature by looking at the first bytes of a normal archive.
3.2. Microsoft Office passwords
3.2.1. Is it possible to crack Office 95 passwords?
Absolutely. Passwords of any length can be cracked instantly.
3.2.2. Is it possible to recover Office 97/2000 passwords?
Office 97 encryption (also used in Office 2000) is much stronger than Office 95's. But:
Access 97 / Outlook 97 passwords can be cracked instantly.
The French version of Office 97 doesn't provide strong encryption, and its passwords can be recovered without brute-force methods.
Word/Excel read-only passwords, Excel workbook and individual sheet protection, Word document passwords and VBA passwords are also not secure and can be recovered instantly.
Only the password for opening in Word/Excel is strong enough. But because of US export regulations Office 97 uses a 40-bit key,
so encrypted files can be decrypted without knowing the password if you find this key.
3.2.3. What is the best way to decrypt Word/Excel 97/2000 file with password for opening?
These programs use a 40-bit key for encryption regardless of the password length. That's why you need to check 2^40 keys for guaranteed decryption of a document. This takes about a week on a modern computer.
If you have a multiprocessor/multicore computer or a local network, you can run this process in parallel
across your computers.
It is possible to speed up this method even more by using huge precomputed tables, then the needed key can be found in
There are some products and service, offering instant decryption of Word/Excel 97/2000 files.
3.2.4. Is it possible to recover Office XP/2003 passwords?
Most passwords for this Office are cracked instantly, except passwords for opening, which can use keys up to 128 bits long nowadays.
3.2.5. What is the best way to crack Word/Excel XP/2003 file with password for opening?
At last it matches the modern abilities of crackers: it uses 128-bit encryption, which allows
brute force only. But since the Office 97/2000 encryption is used by default, such files can
be decrypted with guarantee (see q. 3.2.3).
3.3. Other Office
3.3.1. What about PDF documents protection?
PDF security consists of 2 different passwords, a so-called 'user' password and an 'owner' password. The first one
protects the document from opening; the second one places restrictions on the document, for example disabling printing.
The cryptoalgorithms used have improved along with the PDF format: up to version 1.4 only 40-bit keys were used, then
128-bit ones came, and starting from version 1.6 AES encryption was added.
However, the PDF security system is implemented so that a file with restrictions only may be
decrypted instantly, irrespective
of the password length, even for 128-bit keys. A document with a password for opening and a 40-bit key can be decrypted
on a modern computer within a week by guaranteed decryption, like Office 97/2000 (see q. 3.2.3). To open a document
with a 128-bit key, only brute force can be used.
IV. Operating systems passwords
4.1. Windows Passwords
4.1.1. How can I log into a Windows NT/2000/XP/2003 computer without knowing the administrator's password?
Windows NT passwords, including the administrator's password, are stored as hashes (see q. 2.1) in the special file SAM
in the %WINDIR%/system32/config directory. It follows that there are two simple cracking methods: firstly, you may try to get
this hash value out of there and recover the administrator's
password using brute force; secondly, you can just change this value so that it corresponds to some simple
password, e.g. "aaa". You cannot read or change this file directly, as it is protected by Windows. But you can
reach it using one of the following methods:
- move the HDD to another computer and then get physical access to the file. It's not so easy.
- move the HDD to another computer with the same Windows OS and get access to the file.
- load another OS on this computer (e.g. Linux) and get access to the file.
Attention: if you change the administrator's password, you will lose access to files encrypted with EFS.
If you need them, you can only try to recover the correct administrator's password.
4.1.2. How can I bypass the administrator's password in the NT/2000/XP/2003 domain?
There are 2 links on this problem:
Reset Domain Admin Password in Windows 2000 AD
Reset Domain Admin Password in Windows Server 2003 AD
4.1.3. How can I crack a password in Windows 95/98/Me?
Firstly, if the computer is not connected to a network, you can simply push the "Cancel" button while logging in.
If this doesn't work, then you should crack the passwords in .PWL files using special programs,
4.1.4. How can I crack a password for Windows shared resources?
With Windows 95/98/Me there was a vulnerability that allowed cracking passwords of any length "letter by letter".
4.1.5. I don't have access to the computer. Is it still possible to crack the administrator's password?
You can hijack the remote login session and then brute-force the hash (or password).
Modern Windows versions have a mechanism preventing this. Sometimes you are able to get access to the remote machine's registry.
4.2. UNIX/Linux, Novell Netware etc passwords
4.2.1. How can I log into a Linux computer without knowing the root password?
UNIX systems store their passwords (hashes) in special files on disk; the location depends on the OS version.
It used to be the file /etc/passwd. So in theory you can use the same methods as
for Windows (see 4.1.1).
There is a simpler method: it's often possible to boot UNIX in single-user mode. Read the documentation for your
UNIX version to learn how to do it.
4.2.2. What is the encryption system used in Novell Netware and is it possible to crack it?
Here there is much information on Novell Netware passwords.
V. Internet passwords
5.1. Can I get dial-up passwords?
Yes, regardless of the OS being used. Most providers require a plain-text password. It means that if you save it
on your computer, it is encoded weakly so that it can be sent to the server in plain form. Therefore it can be
5.2. Can I decrypt ICQ, POP3, FTP, Telnet password in ... application?
Yes, for the same reason (see 5.1). All these services in their standard configuration require a plain password
from the client. So any client must keep it in plain or
encrypted (not hashed) form. It is also possible to run a server emulator which receives the decrypted passwords
from clients. In this case there is no need to examine the client's encryption algorithm; it works for any program.
5.3. How can I crack password for e-mail, www-server etc?
If you forget your e-mail password, you should contact its support service.
Remote cracking of other's password is illegal.
VI. Strong and weak encryption software
6.1. What archivers provide the best encryption?
Among the three most popular archivers, ARJ, ZIP and RAR, RAR 3.x provides the strongest encryption, because it implements
the standard and strong AES algorithm and has the slowest brute-force rate.
But a possible weakness of RAR is that the program's sources are not public. The implementation has never been
tested by professional cryptographers.
Among archivers using strong algorithms with available source code the 7-Zip
archiver stands out, but it is not known for sure whether it has ever been analysed cryptographically.
6.2. What are strong file/disk encryption tools?
A strong file encryption tool is one that has been used for years, whose source code is available, that uses strong
algorithms and implements them correctly, and whose implementation has been tested by several independent
cryptography experts. So PGP certainly is a strong file encryption tool.
(Add more ...)
6.3. What tools are known to be not strong?
A tool has a high probability of not being strong if it shows one or more
"Snake Oil Warning Signs".
You should also read Bruce Schneier's Crypto-GRAM from February 15, 1999.
It is even worse when a tool has no such signs but still is not strong. It is impossible to distinguish a really good program
from one that only seems to be, judging only by its appearance, documentation, supported functions or the authors'
names. Here is an incomplete list of programs known to be not strong:
Norton Secret Stuff v 1.0
Crypt-O-Text v. 1.21-1.24
WinXFiles (up to v. 3.5)
Encrypt-It for Windows
UnBreakable Encryption (UBE) 98
File Locker 1.11
Package for the Web v. 1.x-3.x
Crackers for all of the above products exist.
6.4. What cryptographic systems or applications have backdoors?
The most known are Paradox database and AWARD BIOS.
VII. Password recovery software
7.1. Where can I get the above password recovery? Where can I get the password recovery for ...?
Sites with free software:
Sites with commercial password recovery software/services:
7.2. The password recovery I have found is shareware/commercial. How to crack it?
Program cracking is illegal in most countries. You are reading the wrong FAQ.
7.3. I can't find the necessary cracker. What could I do?
You could try to contact one of the commercial companies listed above. Note that writing such a cracker may take
a long time. Cracking the password may take a long time too. It may be expensive for you. It may not be possible at all.
7.4. Is there any software that will help me to write my own cracker?
Yes. For example, a library that allows you to write a password cracker with a built-in "rule-based attack"
(see 1.4) is the Password Cracking Library.
It's free for non-commercial use, portable and written in C.
7.5. What is the best (fastest) cracker for ...?
The best cracker is the one that will find your password. To make it possible the password cracker should support different
attack types and be as fast as possible. The benchmarks and features of different crackers can be found at
Russian Password Crackers site.
8.1. Is password recovery legal?
It is human to forget one's passwords. But one has full authority to access one's own information, even after
forgetting the password. That is the reason to use password crackers. It goes without saying that cracking other
people's passwords is illegal.