ElcomSoft
PDF Password Recovery Service
Home Control Panel Frequently Asked Questions Contact Us

Frequently Asked Questions




What Is a "Password Recovery Service"?

A password recovery service is a service which can decrypt passwords or otherwise disable password protection (e.g. decrypt file without knowing the password). If the method of password protection uses a weak encryption, then it is possible to recover the original password or pick a new one. Otherwise, password recovery services can use the brute force method of trying word after word, often at high speeds.

What Are the Various Password Recovery Methods?

The basic methods of password recovery are brute force, mask attack, dictionary search, encryption key search (less possible combinations in comparison with brute force) and the so-called "rainbow attack". Sometimes other methods of restoring access to a file are used, for example, known-plaintext attack. Let's review some of the methods briefly.

Brute force attack

Brute force attack is simple: In search for a password, a program tries every possible combination of symbols. The search may be restricted to a certain length and character set (letters, digits and other symbols).

But how much time does the brute force attack need to recover a password? This depends on the factors mentioned above (such as password length, character set), performance of the PC used for password recovery task, and the file type.

Of course, a correct password may be found quickly in which case the program won't have to try all the possible combinations. But you shouldn't count on that. The task can literally take years, if running on an average PC. The brute force attack, as the most time-consuming method, may be resorted to when all other methods have failed.

Mask attack

In cases where you created the password yourself, you may try to recover it with the help of mask attack by limiting the search range. For example, you might remember the length of a password or some of the symbols. Any such information may assist you.

For example, you could be quite sure that you used only digits and lowercase Latin letters. If this is the case, when setting search parameters, you may exclude specific symbols and uppercase letters. This is ideal if you know a specific position of a symbol in a password. For example: The password consists of 10 symbols, starts with a letter "a" and ends with "2007", in which case you use the "a?????2007" search pattern. Unknown symbols are designated with question marks in the pattern.

With the mask attack method, the program has to try fewer combinations meaning that the password will be found in less time.

If no details about a password are known, the mask attack cannot be used. Fortunately, there is one more efficient password recovery method.

Dictionary attack

Let's assume that you possess some information about possible words or names that could be used in a password. In this case, you may use the dictionary attack method.

Users tend resort to common words for creating passwords. Generally, these are English words or phrases like "open", "access" or "letmein". In comparison with chaotic combinations of letters and digits, such passwords are easier to remember. Nonetheless, while such passwords are also often forgotten, they are easier to recover.

Where is the dictionary (or the word list) taken from? First, it may be included with the password recovery program package. Second, you may search for one on the Internet. Various lists of common words, thematic lists (fauna, football teams etc.), abbreviation lists are commonly available. Third, you can create a dictionary manually.

This method has a number of apparent advantages. The list of common words, generally used in passwords, is limited; it never contains more than a hundred-thousand words. Trying a hundred-thousand combinations is an easy task for any modern PC. In many cases, the dictionary attack method should be implemented in the first place. It may just work.

Rainbow table attack

Obviously, the most important criterion of the password recovery process is the amount time consumed by the search. Brute force attack tries all possible combinations, in which case the recovery of complex passwords may take too much time. If the search may take months or years, than its practical use is zero.

A method employing rainbow tables (rainbow attack) is used to help eliminate this problem. The basis of the method is using precomputations of password variants for a certain set of symbols.

The idea of replacing resource-intensive computations with a search by a lookup table, that was prepared beforehand, is not brand new. Lookup tables are used when data is easily extracted from the memory, rather than created. The main drawback of a lookup table is its size: not every enterprise can afford storing terabytes of data. That's why rainbow tables, or optimized lookup tables, came into being. The size of a rainbow table is much smaller than a lookup table.

Generating rainbow tables may present a higher probability of password or key recovery. Adjusting the settings and finding a good balance between the attack time and probability of password/key recovery should be considered separately.

As a result, the tables that help to quickly find the password/key from a certain range with a high probability are created in a reasonable time.

In comparison with simple lookup tables, the probability of password recovery using the rainbow attack is slightly lower than 100%, but the method is still worth trying. For example, a rainbow attack based on a table for 7 alphanumeric symbols (built within a week) makes it possible to recover any password consisting of seven alphanumeric symbols within 20-30 seconds. Using the brute-force attack method would take up more than 24 hours.

PDF Documents Protection

Adobe Acrobat features two levels of PDF password protection. Protecting the document with an access restriction ("owner", so-called "security" or "master") password does not affect a user's ability to open and view the PDF file, but prevents user from editing (changing) the file, printing it, selecting text and graphics (and copying them into the Clipboard), and adding/changing annotations and form fields etc. (in any combination). There are also "open" (so-called "user") passwords. If such a password is set, the file is encrypted with a strong algorithm and cannot be opened at all if the password or encryption key is not known.

Adobe Acrobat uses the RC4 encryption algorithm (a stream cipher; widely-used by various data protection systems), while Adobe Acrobat 7.0 and upwards can also use AES (Advanced Encryption Standard). Originally, 40-bit encryption has been used, but version 5.0 and above uses 128-bit encryption, which makes it much more difficult to find a password. 40-bit encryption involves 240 values, while 128-bit encryption involves 2128 values.

In addition, using security certificates allows for the creation of different access and usage rights for different user groups. For instance, some users will be allowed to fill in the forms, while users from another group will be able to edit the document as well.

Certificate-based protection for Adobe Acrobat is based on two keys: a public key and a private key. The former one is used to decrypt the file and the last one is used for document encryption and/or signing a document.

Is Password Recovery Legal?

You can use ElcomSoft PDF Password Recovery Service provided that you are the legal owner of all files and data that you are going to recover through the use of our service. If not, you must have permission from the legitimate owner to perform these acts. Any illegal use of our service will be solely your responsibility. Accordingly, you affirm that you have the legal right to access all data, information and files that have been hidden.


Copyright © 2011 Elcomsoft s.r.o.