Vendors release password cracking, management tools
As full-disk encryption becomes increasingly used to protect data, new software tools that can recover lost passwords or change forgotten ones are being released.
Full-disk encryption will protect data, but it also means that the data could be unrecoverable if people forget their passwords. Russian security company ElcomSoft specializes in software that can crack unknown passwords for a variety of software programs.
The company's latest upgrade to its ElcomSoft Distributed Password Recovery (EDPR) product increases the speed at which passwords can potentially be recovered from the hard disk with PGP encryption, said Olga Koksharova, Elcomsoft's marketing and sales director.
EDPR lets administrators use off-the-shelf graphics cards from Nvidia to crack passwords, taking advantage of the parallel processing capability that can figure out passwords or encryption keys much faster than desktop CPUs.
The update adds GPU acceleration, which Elcomsoft says speeds up password recovery between 10 to 200 times more than using only desktop CPUs. A single Nvidia GeForce GTX 295 using EDPR can work about 15 times faster than an Intel Q6600 Core 2 Quad 2.4 GHz chip, the company said.
Scaling up, four Nvidia GeForce GTX 295 cards can brute-force 500,000 passwords per second using EDPR, Koksharova said.
But Elcomsoft's software can't necessarily recover every password, since it depends on the password's length and complexity. For example, an eight-character password consisting of only lower-case characters is likely recoverable, but the chances of recovery are slimmer for a nine-character one that includes a special symbol.
Overall, PGP disk encryption is very secure, Koksharova said. PGP uses 256-bit AES (Advanced Encryption Standard) keys for its whole-disk product. But studies show that people are relatively lazy about passwords, often making them easy to guess or too short.
Elcomsoft's software is legal to use as long as an administrator has proper permission to use it on machines. EDPR starts at £599 (US$886) for use on 20 client machines.
As far as password management, Lenovo recently released software that allows administrators to reset user passwords remotely within a PC's BIOS, which holds hardware passwords to boot the PC and start the hard disk.
Administrators have been able to change those passwords before, but they needed physical access to the PC. That hasn't been practical for organizations that have thousands of PCs deployed worldwide. Also, there's a risk since if those passwords are forgotten, the hardware is useless.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
encryption
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
