Think like a cracker to hack an Apple
Elcomsoft is a hacker. A white hat hacker, one of the old school, not one of these new-fangled, bad boy (or girl) black hat criminal cracker hackers, but a hacker nonetheless.
It produces encrypted file recovery systems, usually in the form of password recovery tools. They may be used by some of the cracker hackers as password cracking tools, but they are built as honest-to-goodness password recovery tools. And most of us could have used one at one time or another. Now Elcomsoft has a new string to its bow: the very first Apple iWork file cracker – sorry, password recovery tool.
Why is this the first? Because, explains Elcomsoft, Apple’s encryption is “an industry-standard AES algorithm with strong, 128-bit keys. Brute-forcing a 128-bit number on today’s hardware remains impossible.” This effectively means that the only way to recover an encrypted iWork file is to hack the password. But, says Elcomsoft, “Apple used the PBKDF2 algorithm to derive an encryption key from plain-text passwords, with some 4000 iterations of a hash function (SHA1).” If that’s as much geek-speak to you as it is to me, the bottom line is that every password guess has to be run through those 4000 hash iterations, so brute-forcing the passwords would take too long to be practical.
Unless, and this is where thinking like a hacker comes in, you can find some way to reduce the likely number of possible passwords. First, Elcomsoft notes that the price range for iWork shows that it is a consumer rather than business product. Users are likely to be human beings rather than corporate automata. “Multiple researches,” says Elcomsoft, “confirm it’s a given fact that most people, if not enforced by a security policy, will choose simple, easy to remember passwords such as ‘abc’, ‘password1’ or their dog’s name. In addition, it’s in the human nature to reduce the number of things to remember. Humans are likely to re-use their passwords, with little or no variation, in various places: their instant messenger accounts, Web and email accounts, social networks and other places from which a password can be easily retrieved.”
From this starting point, and armed with “ElcomSoft’s advanced dictionary attack with customizable masks and configurable permutations,” brute-forcing the passwords suddenly becomes a lot simpler; and iWork recovery is now included in the Elcomsoft Distributed Password Recovery Tool. It is, says Elcomsoft, “the human factor and advanced dictionary attacks that help it recover a significant share of iWork passwords in reasonable time.”
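To put numbers on the PBKDF2 cost and on the "human factor" described above, here is an added example (not Elcomsoft's or Apple's code) that times PBKDF2-HMAC-SHA1 at 4000 iterations and compares how long different guessing spaces take to exhaust. The salt, the scenario sizes and all function names are assumptions made for illustration.

```python
import hashlib
import math
import time

ITERATIONS = 4000  # "some 4000 iterations" of SHA1, per the article
KEY_BYTES = 16     # 128-bit AES key


def derive_key(password, salt, iterations=ITERATIONS, dklen=KEY_BYTES):
    """PBKDF2-HMAC-SHA1: the password-to-key step the article describes."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, dklen)


def measure_rate(trials=25):
    """Key derivations per second on this machine (one CPU core)."""
    salt = b"constructed-salt"  # constructed value, not a real file's salt
    start = time.perf_counter()
    for i in range(trials):
        derive_key(f"probe{i}", salt)
    return trials / (time.perf_counter() - start)


def space_bits(candidates):
    """Size of a guessing space expressed in bits."""
    return math.log2(candidates)


def years_to_exhaust(candidates, rate):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return candidates / rate / (365 * 24 * 3600)


# Constructed scenarios; the sizes are illustrative assumptions.
SCENARIOS = {
    "raw 128-bit AES key": 2 ** 128,
    "random 12 chars, 94 printable symbols": 94 ** 12,
    "random 8 chars, a-z A-Z 0-9": 62 ** 8,
    "100k-word list x 1000 variations each": 100_000 * 1_000,
}


def report(rate):
    """One (name, bits, years) row per scenario at the given guess rate."""
    return [(name, round(space_bits(size), 1), years_to_exhaust(size, rate))
            for name, size in SCENARIOS.items()]


if __name__ == "__main__":
    rate = measure_rate()
    print(f"{rate:,.0f} PBKDF2 derivations/s on this machine")
    for name, bits, years in report(rate):
        print(f"{name:40s} {bits:6.1f} bits  {years:.3g} years")
```

The last row is the only one that finishes in a useful time, which is why a long random password, rather than the 4000 iterations alone, is what keeps such a file protected.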