Password Recovery Kit v7.3

Reviewed by: Howard Carson, February 2007
Published by: Passware
Requires: Windows 95 through Vista, 16MB RAM, Pentium II or faster
MSRP: $395.00

Lost passwords probably account for tens of millons of dollars worth of lost data, time and energy every year. While accurate statistics don't really exist, it's safe to say that almost every home and business computer owner has been frustrated at one time or another by inaccessible locked documents, spreadsheets and other files. If you don't have the password, you can't get at the data in the file. With passwords and other data security requirements being imposed more often and more widely at the vast majority of businesses around the world, it's probably smart to have a handy password recovery utility at hand.

Since 1998, Passware has been supplying Help Desk personnel, IT professionals, and business users with security tools designed to recover lost passwords. The main product, Password Recovery Kit, works with all versions of Microsoft Office, including the latest Office 2007 releases of Access, Excel, Word, Outlook, Visio and VBA. The software also recovers passwords from Quicken, QuickBooks, WordPerfect, WinZip, Windows 2000/XP/NT, 1-2-3, ACT!, Paradox, Organizer, Adobe Acrobat, WinZip and many other popular business software programs (the current total is 26). The SureZip recovery module decrypts most WinZip archives. The Windows module lets a user reset Windows security if the Administrator password, secure boot password, or key disk have been lost. The program can also be used to create Windows NT Key boot disks which can be used to unlock a system.

Installing Password Recovery Kit is extremely simple and takes less than a minute. The program entry on the Windows Start>Programs menu opens up into a very long list of key utilities (Word key, Lotus key, Excel key, etc.). The software uses a combination of security, decompression and decryption algorithms and dictionary look-ups to do its work. Using Password Recovery Kit (PRK) is even simpler than installing it. Simply run the program and choose the unlock key from among the file types that the program processes. Each unlock key corresponds to a specific file format, i.e.: the Word key is used on Microsoft Word documents, the Excel key is used on Microsoft Excel documents, and so on. Launch the Word key, set the password recovery options (or use the defaults), load a Word doc. That's it. Password Recovery Kit starts working automatically.

The software finds a password by literally trying millions of passwords per minute. The Brute-force attack method is the slowest approach and can try all passwords up to 7 characters in length. The Xieve attack method is faster and capable of recovering passwords of up to 9 characters. The Dictionary attack method (which uses only letter combinations) is fastest and there's no limitation on password length. In my tests I found that the fastest results using any of the methods came from having at least a vague idea of what the lost password might have been. There's no sane reason to attempt a recovery using letters only if the file owner insists that the password was all numbers. Save yourself some time and define the recovery parameters as narrowly as possible. The password "helena" (on a Word 2000 doc) required exactly one-tenth of a second to recover - amazingly fast. However, the password "helena1" required a full hour to recover. Ditto for "1543267" versus "154a267". But if the document is important and contains information which is not available anywhere else, it's worth the wait.

We found huge differences between various CPUs. The latest dual core processors from Intel work wonderfully well. The comparison between a fast dual core CPU in a brand new Dell Dimension desktop PC running Windows XP Professional and a three year old Pentium 4 2.8GHz Windows XP machine was striking, allowing the Password Recovery Kit to do its work between 35% and 65% faster, depending on the file format.

If you allow staff to place password protection on documents created for internal use, create and insist on a policy of either plain language passwords or numeric passwords. Allowing staff to create any old random, overly complex or overlong password may result in a situation which stymies even Password Recovery Kit. Keep it simple. Documents for use outside the company need more powerful schemes, including digital signatures combined with password locks and encryption. Creating a password suitable for military intelligence use is fine in a Department of Defense environment, but inappropriate for your typical business office which stores a comparative handful of confidential documents (none of which have anything to do with national security).

Cons: This isn't really a Con but you need to know that complex or overlong passwords may require a day or more for Password Recovery Kit to discover. That's just the nature of brute-force recoveries. Note that Word 2003, 2002/2000 & 97 and Excel 2003, 2002/2000 & 97 use an industrial strength RC4 encryption algorithm that makes instant password calculation impossible. The MS Office key (Word, Access, Excel, etc.) cannot always recover passwords for office docs which have been encrypted by 3rd-party software.

Pros: Works with Microsoft Office 2007 documents. Password Recovery Kit speed is limited only by the speed of your CPU. If you are in an environment which generates confidential information (spec sheets, research, analysis, private reports, designs, reviews, etc.) you will eventually need to lock and protect documents. That activity unfortunately goes hand-in-hand with lost passwords. Password Recovery Kit will eliminate many headaches for IS/IT managers. Managers of small offices will also benefit, especially in areas with high turnover or staff churn. As well, for anyone involved in general research, there are some weeks when locked documents with missing passwords seem to be a way of life. Passware's product works well and it will pay for itself the very first time a password is recovered for some crucial document, spec or design. Highly recommended.