Protect Yourself from Lost Passwords
ElcomSoft reliably recovers ZIP passwords.
ElcomSoft makes password recovery utilities for a variety of file formats:
Microsoft Office, Lotus SmartSuite, Adobe Acrobat, and others. They sent
me a copy of their Advanced Archive Password Recovery utility, which handles
the task of determining passwords for ZIP, RAR, ARJ, and other archive
The program uses a variety of means to extract files from password-protected
archives, including brute force, dictionary, and known-plaintext attacks.
It can also exploit weaknesses in some of the encryption algorithms. It
took from 15 minutes to six hours on the files I threw at it, on a relatively
fast machine—but it succeeded in decrypting the archives.
This brings two conclusions to mind. First, if you happen to be faced
with an encrypted archive that you legally own (perhaps it was left behind
by an ex-employee), there's an effective way in. Second, I wouldn't trust
archive encryption to protect anything terribly sensitive.
Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.