Password Cracking: CPU-Powered
There are a myriad of programs to choose from for recovering passwords, but two most popular programs are Advanced Archive Password Recovery and Visual Zip Password Recovery Processor. When I lost the password to my WinZip file, I was able to use the first to recover a seven-character-long password within 20 minutes. But this got me a bit curious. How fast was my computer searching for passwords? What would have happened if I had used a stronger encryption method, like AES-128?
More important: are all of your password-protected archives really only 20 minutes away from being opened by someone who shouldn't have access to them?
| Brute-Force Attack SpeedPasswords Per Second | Advanced Archive Password Recovery | Visual Zip Password Recovery Processor |
|---|---|---|
| Compression: NoneEncryption: Zip 2.0 | 28 357 311 | 20 943 157 |
| Compression: None Encryption: AES-128 | 9715 | fail |
| Compression: None Encryption: AES-256 | 9713 | fail |
| Compression: Zip Encryption: Zip 2.0 | 28 492 733 | 20 888 938 |
| Compression: Zip Encryption: AES-128 | 9733 | fail |
| Compression: Zip Encryption: AES-256 | 9760 | fail |
| Compression: RAR Store Encryption: AES-128 | 213 | - |
| Compression: RAR Store Encryption: AES-128, File Names | 202 | - |
| Compression: RAR Normal Encryption: AES-128 | 213 | - |
| Compression: RAR Normal Encryption: AES-128, File Names | 202 | - |
As you can see, compression has a minor effect on the speed at which you can try plugging in passwords, but the biggest weakness is in the older Zip 2.0 encryption scheme. As a result, a five-character password is detected in just a few seconds because you can crunch about 28 million passwords per second using a Core i5-2500K. Visual Zip also found the correct password in the Zip 2.0 encryption method, but due to a software problem, it cannot detect a password of any length encoded in AES-128.
Of course, this doesn't really tell the full story. We don't care about speed for the sake of showing off what a new CPU can do (though this could, in fact, make an interesting benchmark). We care about it because it affects the speed at which I can recover a password.
| Total Time for Search If You're Churning Through 28 Million Passwords/Second | Passwords Between 1 and 4 Characters | Passwords Between 1 and 6 Characters | Passwords Between 1 and 8 Characters | Passwords Between 1 and 12 Characters |
|---|---|---|---|---|
| Lower-case | instant | 11 seconds | 2 hours | 112 years |
| Lower-case and Upper-case | instant | 12 minutes | 22 days | 451 345 years |
| All ASCII characters | 3 seconds | 7 hours | 8 years | 701 193 345 years |
Even if you assume that you can try 28 million passwords per second, your chances of guessing the right one get increasingly dim as you move to longer passwords and larger character sets. Spending a whole month to crack an eight-character password composed of letters isn't a terrible prospect if the protected data is really important. But 700 million years is probably too long to ask you to wait.
Fortunately, Advanced Archive Password Recovery allows you to pause and save the position of your search. And, if you have a few computers at your disposal, you can really cut down on the time investment by distributing the workload. Getting scared yet?