Apple iWork passwords cracked

ElcomSoft can now recover passwords protecting Apple iWork documents. This makes Distributed Password Recovery the first tool to recover passwords for Numbers, Pages and Keynote apps.

“The recovery process is painfully slow”, comments Andy Malyshev, ElcomSoft CTO. “Apple used strong AES encryption with 128-bit keys, which makes password attack the only feasible solution. We’re currently able to try several hundred password combinations per second on an average CPU. This is slow, and thus only distributed attacks can be used to achieve a reasonable recovery time. However, the human factor and our product’s advanced dictionary attacks help recover a significant share of these passwords in reasonable timeframe.”

With strong encryption and long keys, an attack on encryption keys is not feasible as long as the encryption is properly implemented. Therefore, Elcomsoft Distributed Password Recovery handles the case by performing an attack against user- selectable passwords, attempting to recover the original plain-text password.

Considering the very nature of iWork as an inexpensive, simple-to-use, consumer-oriented product, chances of “guessing’ the right password soon by executing a distributed dictionary attack are very high.

Elcomsoft Distributed Password Recovery features and benefits:

  • Hardware acceleration (patent pending) reduces password recovery time by a factor of 50
  • Support for NVIDIA CUDA cards, ATI Radeon and Tableau TACC1441 hardware accelerators
  • Linear scalability with no overhead allows using up to 10,000 workstations without performance drop-off
  • Allows up to 64 CPUs or CPU cores and up to 32 GPUs per processing node
  • Broad compatibility recovers document and system passwords to various file formats (click for the complete list of formats)
  • Brute-force and dictionary attacks
  • Distributed password recovery over LAN, Internet or both
  • Console management for flexible control from any networked PC
  • Plug-in architecture allows for additional file formats
  • Schedule support for flexible load balancing
  • Minimum bandwidth utilization saves network resources and ensures zero scalability overhead
  • All network communications between password recovery clients and the server are securely encrypted
  • Flexible queue control allows easy job management
  • Storing all passwords that have been discovered, forming a separate/internal dictionary (password cache)
  • Install and remove password recovery clients remotely
  • Launch agents and server as system services
  • Keep track of CPU time and resource utilization, password recovery jobs and user activities
  • Industry certified: Microsoft Gold Certified Partner, Intel Software Partner, NVIDIA Developer Support.

Don't miss