News

Protect Yourself from Lost Passwords

ElcomSoft reliably recovers ZIP passwords.

ElcomSoft makes password recovery utilities for a variety of file formats: Microsoft Office, Lotus SmartSuite, Adobe Acrobat, and others. They sent me a copy of their Advanced Archive Password Recovery utility, which handles the task of determining passwords for ZIP, RAR, ARJ, and other archive files.

The program uses a variety of means to extract files from password-protected archives, including brute force, dictionary, and known-plaintext attacks. It can also exploit weaknesses in some of the encryption algorithms. It took from 15 minutes to six hours on the files I threw at it, on a relatively fast machine—but it succeeded in decrypting the archives.

This brings two conclusions to mind. First, if you happen to be faced with an encrypted archive that you legally own (perhaps it was left behind by an ex-employee), there's an effective way in. Second, I wouldn't trust archive encryption to protect anything terribly sensitive.

About the Author

Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.

Featured

  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus