Winrar and Winzip Password Recovery, is it possible?
Posted by absnet on 7 February 2009
Someone asking me is it possible to use password recovery software to "brute forcing" your Winzip or Winrar password. It sound promising when you googling to the net and finding a software come with the promise "able to recover your lost password". You download that software, installing it on your computer, and let’s the software work. But when you see the estimate time to guess, you put aside that file..
HOW ZIP PASSWORD WORK
Zip password (winzip, winrar, 7zip etc) using encription procedure namely AES (Advance Encryption Protocol). In newer version of Winzip, the application provides the choice of several strengths (bit length – the longer the stronger), AES-128, AES-192 and AES-256
The weakness in using WinZip AES encryption, is it uses “Symmetric” encryption, which means it uses a single private password to encrypt and decrypt the Zip archive. Therefore complexity and strength of the password is “the” protection as well as a weak point
HOW TO RECOVER LOST PASSWORD
One of the password breaking attacks is a dictionary attack, which is as it sounds, tries regular words found in the dictionary as well as commonly used passwords, usually the cracker (the bad guy) has his own specific database of commonly used and known passwords, so passwords like “Pa55word” are extremely weak and just doesn’t cut it. Dictionaries of words are easily available for free on the Internet, these include dictionaries of specialist words, foreign languages, technical jargon, place names, first names etc.
The brute attack now can recover about 6 character length password at about 2 hours using general PC. It length will increase as password character longer, at about 12 folds. If you try to brute force a 7 digit password it took a several days and it would took a couple of months to crack an 8 digit password on your not so powerful home computer.
The main factor to consider with the brute force attack is the processing power (the speed) of the computer trying the combinations. So, if your computer is not so powerful, and you’re sure that your password is more than 8 digit, please forget that file.
A hybrid attack is a mixture of a brute force attach and a dictionary attack. There are many different ways a hybrid attack can be performed, in it’s simplest form a hybrid attack may simply add a couple of numbers to the end of each dictionary word tried, this increases the number of tested combinations without having to resort to a true brute force attack. Cracking software will often use a combination or selection of all three methods to try and guess your password.
SOFTWARE TO RECOVER LOST PASSWORD
You can try this software to recover. I hope you can use it with responsible.