Smart Force Attack (developed by LastBit)
Smart Force Attack is the advanced Brute Force Attack. This method assumes
that the password being recovered consists of letters only and this combination
of letters is meaningful. Smart Force Attack is based on the statistical
tables built by means of analyzing of a large amount of texts. Smart Force
Attack can save your time because it doesn’t test meaningless combinations
of letters. The effectiveness of Smart Force Attack can be compared to
that of Dictionary Attack with a very large dictionary. Smart Force Attack
will not find passwords that contain digits or other non-alpha characters.
Also it doesn’t work with machine-generated "random" passwords. Moreover,
there is a possibility that Smart Force Attack will not recover a meaningful
password. Nevertheless, Smart Force Attack can check passwords up to 11
characters in length in a reasonable amount of time. Brute Force Attack
is useless in such cases.
If you’re not afraid of formulas: the rough estimation
of time required is ((C*X/26)^L) / S / N, where C is the length
of the characters et, X is the SmartForce level, L is the length of the
password, S is the speed of recovery (the number of passwords processed
per second) and N is the number of computers used for recovery.
| Time Required: |
Very little in case of short passwords, absolutely unacceptable
amount in case of long passwords but still much less than time
required for Brute Force Attack. |
| What is Recovered? |
Original password |
| Guaranteed result? |
No |
| Requisites/Limitations |
The amount of time required is still the issue, though it
is much less a problem than in case of Brute Force Attack.
Machine-generated passwords and passwords containing non-alpha
characters cannot be recovered. |
| Passwords that can be recovered |
Any password |
| Pros |
Much faster than Brute Force Attack |
| Cons |
As in case of Brute Force Attack the amount of time required
is large, certain experience and understanding of the process
is required. Moreover, the success is not guaranteed. |
| International/Localization issues |
Current version can recover English passwords only. |
|
Known Plain Text Attack
This method can be used for recovering password protected ZIP-archives.
It can be used only if the archive contains several files and at least
one of them is available to the user. E.g. the archive contains several
Word documents and the user has a copy of one of them unpacked, or the
archive contains an executable and several DLLs and among them there are
standard DLLs which can be found unencrypted.
| Time Required: |
Several hours |
| What is Recovered: |
Unencrypted archive |
| Guaranteed Result? |
Yes (if this method is applicable) |
| Requisites/Limitations |
An unencrypted copy of one of the files is required. |
| Passwords that can be recovered |
Zip archive password |
| Pros |
Guaranteed result in an acceptable amount of time no matter
how long the password is |
| Cons |
The password remains unknown. |
| International/Localization issues |
N/A |
|
Password Variation
Often the problem with the password is that it was typed incorrectly.
The user can make a mistake or type the password with CAPS LOCK turned
on. Moreover, the user often remembers the approximate appearance of the
password but fails to recall it in detail. In this case we can take the
approximate password and test every possible variant, such as case changes
(password -> PASSWORD, Password, PAssword, pASSWORD etc), omission
of one of the characters, doubling characters, inserting or replacing
the character with the neighboring characters and so on. Usually the number
of combinations is not very large and it is possible to test them all
in a little time.
| Time Required: |
Depends on the variation depth, usually little |
| What is Recovered: |
Original password |
| Guaranteed result? |
No |
| Requisites/Limitations |
The user must know the approximate password |
| Passwords that can be recovered |
Any password |
| Pros |
Works rather fast even in case of long passwords |
| Cons |
Can’t be applied always (only in case the approximate password
is known), the success is not guaranteed |
| International/Localization issues |
N/A |
|
|
