Vendors release password cracking, management tools
As full-disk encryption becomes increasingly used to protect data, new software tools that can recover lost passwords or change forgotten ones are being released.
Full-disk encryption will protect data, but it also means that the data could be unrecoverable if people forget their passwords. Russian security company ElcomSoft specializes in software that can crack unknown passwords for a variety of software programs.
The company's latest upgrade to its ElcomSoft Distributed Password Recovery (EDPR) product increases the speed at which passwords can potentially be recovered from the hard disk with PGP encryption, said Olga Koksharova, Elcomsoft's marketing and sales director.
EDPR lets administrators use off-the-shelf graphics cards from Nvidia to crack passwords, taking advantage of the parallel processing capability that can figure out passwords or encryption keys much faster than desktop CPUs.
The update adds GPU acceleration, which Elcomsoft says speeds up password recovery between 10 to 200 times more than using only desktop CPUs. A single Nvidia GeForce GTX 295 using EDPR can work about 15 times faster than an Intel Q6600 Core 2 Quad 2.4 GHz chip, the company said.
Scaling up, four Nvidia GeForce GTX 295 cards can brute-force 500,000 passwords per second using EDPR, Koksharova said.
But Elcomsoft's software can't necessarily recover every password, since it depends on the password's length and complexity. For example, an eight-character password consisting of only lower-case characters is likely recoverable, but the chances of recovery are slimmer for a nine-character one that includes a special symbol.
Overall, PGP disk encryption is very secure, Koksharova said. PGP uses 256-bit AES (Advanced Encryption Standard) keys for its whole-disk product. But studies show that people are relatively lazy about passwords, often making them easy to guess or too short.
Elcomsoft's software is legal to use as long as an administrator has proper permission to use it on machines. EDPR starts at £599 (US$886) for use on 20 client machines.
As far as password management, Lenovo recently released software that allows administrators to reset user passwords remotely within a PC's BIOS, which holds hardware passwords to boot the PC and start the hard disk.
Administrators have been able to change those passwords before, but they needed physical access to the PC. That hasn't been practical for organizations that have thousands of PCs deployed worldwide. Also, there's a risk since if those passwords are forgotten, the hardware is useless.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
encryption
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
