Protect Yourself from Lost Passwords -- Microsoft Certified Professional Magazine Online

Protect Yourself from Lost Passwords

ElcomSoft reliably recovers ZIP passwords.

By Mike Gunderloy
12/01/2001

ElcomSoft makes password recovery utilities for a variety of file formats: Microsoft Office, Lotus SmartSuite, Adobe Acrobat, and others. They sent me a copy of their Advanced Archive Password Recovery utility, which handles the task of determining passwords for ZIP, RAR, ARJ, and other archive files.

The program uses a variety of means to extract files from password-protected archives, including brute force, dictionary, and known-plaintext attacks. It can also exploit weaknesses in some of the encryption algorithms. It took from 15 minutes to six hours on the files I threw at it, on a relatively fast machine—but it succeeded in decrypting the archives.

This brings two conclusions to mind. First, if you happen to be faced with an encrypted archive that you legally own (perhaps it was left behind by an ex-employee), there's an effective way in. Second, I wouldn't trust archive encryption to protect anything terribly sensitive.

About the Author

Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.

Register! Top 5 Hybrid AD Management Mistakes and How to Avoid Them