I agree with Fubar that very soon, the majority of human knowledge will be lost but whether humans will rise again from it is anybody's guess.

#34, callmestupid, people get all defensive when I rib them. You got the formula right, you got the standard English character counts right until you applied the math, it should have been 26+26+10 instead of just 26+10. The calculation load goes up considerably when the length of the password is unknown. It would be incredible to see a useful, functioning quantum computer, but I don't see that happening. At most, there are only a very few decades before human environmental damage results in droughts, floods, and famines on a scale which intersects human overpopulation, at which time the death rate will result in infrastructure breakdown and the collapse of global civilization. I expect the vast majority of human knowledge to be lost.

Balaji #13 - So why waste your time remembering and typing out such long passwords????

#31, Fubar, you said I flunked the math courses, yet you agree to me being correct with my calculations. Regardless of search space depth, the formula's the same. Anyway, in case you didn't notice, I was talking about the standard set of characters- different encryption applications may have different alphabet limitations.

Every time I launch this program it re-installs the desktop shortcut and Startup menu items. I delete them, then it re-installs next time around. Why is it doing this? I turned off the only setting that I thought could be related, regarding restoring default options on every run of the program, but it made no difference.

I thought I would give it a try.
I agree about the mathermatics.
I got a pleasant supprise.
On an Win XP SP2, AMD Semp 2800 1.7Ghz single core -
Using the slider at medium = 1200 per second
Using the slider at high = 3100 per second
The above was average on 3 cracked ZIPs.
So I am not sure why all the newer computers are so slow.

#15, callmestupid, #16, OldScotty, I see that you both flunked your math courses. OldScotty, it's not a factorial problem, callmestupid had some things right, if there are x symbols available for use, then the password is just a base x number, so if it's n characters long, there are x^n possible password values. The other errors are character counts. Restricting oneself to standard letters and numerals in the English alphabet yields 62 possible symbols. As for special symbols, it depends upon what the program in question accepts as a character. Just look at the Windows Character Map for the number of symbols available per font. Unicode can support over a million characters, but presently greater than 109,000 are encoded.

Sorry OldScotty (#16) but the [n!/(r!)(n-r)!] formula is not applicable to passwords and can be orders of magnitude too low.

It calculates the total possible ways you can select r unique symbols out of n unique symbols WITHOUT REGARD TO ORDER and using each possible symbol ONLY ONCE: ab & ba only count once and aa & bb are not allowed.

The number of unique possible strings while accounting for unique symbol order is [n!/(n-r)!] but this still only uses each symbol once.

For passwords which can reuse symbols the correct formula is r^n (r raised to the nth power).

To understand the math follow these scenario:

[r^n] - reusing symbols
For the 1st symbol you can choose 1 of n symbols
For the 2nd symbol you can still choose 1 of n symbols so there are n squared (n^2), possibilities
For the 3nd symbol you can still choose 1 of n symbols so there are n cubed (n^3), possibilities

[n!/(n-r)!] - no reuse of symbols but order is significant
For the 1st symbol you can choose 1 of n symbols
For the 2nd symbol you can only choose 1 of the remaining n-1 symbols so there are n(n-1) [which equals n!/(n-2)!], possibilities.
For the 3rd symbol you can only choose 1 of the remaining n-2 symbols so there are n(n-1)(n-2) [which equals n!/(n-3)!], possibilities.

Divide by the number of possible ways you can rearrange the r selected symbols to remove the significance of their order (= r!).

Note: For those not remembering their math:
"!" is the sysmbol for factorials,
x! = x(x-1)(x-2)(x-3)...1 [where x is any positive integer]
n!/(n-3)! = n(n-1)(n-2)[(n-3)!/(n-3)!] = n(n-1)(n-2)

To use your example:
(96!)/[(12!)(84!)] = 6 * 10^14
(96!)/(84!) = 3 * 10^23
12^96 = 4 * 10^103

A bit of a difference! To paraphrase George Orwell - They are all big but some are bigger than others.

Old Scotty #16,

Sorry for the comment I'm going to make here, but even is not senility involved there,there is something wrong with the formula you have given above for calculating the number of total password possibilities.
First of all:

1. n! divided by r!(n-r)! will end up in a proper fraction( as r is always greater than or equal to n);

2.the parentheses will be a negative number, because n is less than r, and therefore the right expression might be:(r-n);

3.Summon all above, you maybe tried to say:(n!/r!)(r-n)!

Will all due respect for you and all this site's visitors.

Well I have a i7 (8 core machine) and it took this program 2:40 just to go through a-z. SUPER SLOOOOOOWWWWW. Uninstalled it - shame.

There was a typo in my former post. Here are the right results:

Elcom Soft Advanced Archive Password Recovery: 18 pws/sec.
KRyLack Archive Password Recovery: Less than 1 password/sec.

Actually Elcom Soft Advanced Archive Password Recovery was 34x faster.

* * *

@sparkles/#14

> It would certainly be helpful to have a plain text option, as many passwords are just plain text words.

There is a plain text option. Just click the checkbox "Latin (abc)" + "Caps Latin (ABC)"

BTW: You'll find the same option in Elcom Soft Advanced Archive Password Recovery and in other brute force tools. Search for caps too makes the password recovery 26 times slower. Multiply that with 10 (0–9) and multiply the result with the number of all symbols and you'll know that brute force attacks need a hell of time and ressources if you don't know length and structure of the password.

I made a rar with a password of just 3 charaters and this thing couldn't even slove that.
Junk.
These type of programs usually are junk. I've never found a program of this type that actually really works.

Hi I have installed the program on Win 7 Home Premium 64-bit as an admin. I also have run the activate.exe as an admin. However, the program still shows that is only an evaluation version that can only search 6 chars. Any ideas?

To all those leaving comments over on the game giveaway site. I've had a major system failure on my main computer and can't access the admin page via my other computers so am unable to moderate any more comments at the moment. Hopefully sometime before the giveaway is over i'll manage to get back , until then hopefully the other moderator will make an occassional appearance.

I don't see this as being useful unless it brought advantages over other products already on the market. The (free) cRARk also says:

"Please bear in mind you have quite no chance to crack unknown password (longer than 6 symbols) if you have no additional info about it."

And that with their product, which is much faster than this.

I don't know if Post #11 is correct, but in regard to Post #5, I've tried many programs in this category, and they are all nearly useless (on any decent RAR password), or close to it. The only semi-exception I've found to date is the Elcomsoft program -- when using an appropriate and specific dictionary attack -- and even there it usually takes so long with any conventional hardware as to be impractical. After you've had your computer plugging away on an encrypted file continuously for a week or more, you will likely just throw in the towel. That is, if you're even willing to let the computer run 24/7. Given some quantum leap in computing power, who knows, but right now the chances are pretty slim.

It doesn't work with windows 2000. I get a null 32bit app error. I will be removing this software from my pc.

#7 - Update: Windows 7, 64 bit, quad core, 6 Gig of RAM. That hasn't changed since this morning.

Now approaching 9 hours of running at 'High Priority' setting I regret to inform that there is no change there either, no password has yet been found in my 7 kb file.

#11 - Seems you are correct!

mike #10
It is hard to imagine the huge numbers involved until you do the maths; using the simple formula
n!/r!(n-r)!, where n is the number of characters in our password and r is the number of printable characters at our disposal. For a 12 character password using all 96 printable characters, we can produce more than 6*10^14 passwords. If my sums are correct, at 40,000 passwords per second it would take just short of 500 years!
When you refer to credit cards all that is required is the pin number, a four character pin number using 40,000 passwords per second should be cracked in approximately 15 seconds, just showing why the password length is so important.
I must admit these figures surprised even me; it has been more than 50 years since I studied most of my mathematics, so I have checked and double checked my calculations and I can't find any fault, just hope to God it's not senility!
Just to clarify matters a ”Known-plaintext Attack” is one where you know the contents of a protected file. For instance, if someone had protected a text file say, containing a well-known nursery rhyme and we knew it, then it would only take seconds to find the password.
Let me end by saying how much I enjoy your comments and courteous way you present them.

I made my previous post without reading what others before me said.

I know most of you guys didn't like maths in school, so I'll make it a bit more clear for those stubborn and naive users which believe password cracking (software) is viable.

Excluding dictionary search (which works only if you're interested in accessing some fool's encrypted stuff), I'll be talking about brute force attacks...

When brute force attacking a password, you need to take into consideration the following:

1. search space depth - the alphabet
26 for lowercase (a...z)
26 for uppercase (A...Z)
10 for digits (0...9)
33 for symbols (!@#$%^&*, etc.)
If a password uses the entire available alphabet, the search space depth would be 95

2. search space length - the number of characters
this can range from 1 to whatever limit is imposed by the encryption software

To calculate the exact search space size, calculate SearchSpaceDepth^SearchSpaceLength.
So for a 4 characters password using letters and numbers, the exact search space size would be (26+10)^4=1679616

Assuming one thousand guesses per second, it would take 1679616/1000=1679,616 seconds (half an hour).

I'll let you do the maths for passwords using a search space depth of at least 50 and a password length of 16 characters


spoiler: just in case you aren't in the mood, it would take 9.27 thousand centuries assuming one hundred trillion guesses per second- yes, it's possible to find the password faster than that, since in reality the cracker doesn't require to check all the possible combinations, but you'd still be talking about astronomical processing and waiting times, so yeah, have fun being kids and playing with password cracking software while debating what password cracking software is better than the other.

Password recovery is never going to be fast, given how many combinations need to be tested. It would certainly be helpful to have a plain text option, as many passwords are just plain text words.

As for comparing programs, just one test is hopelessly inaccurate and a good many passwords would need cracking to provide a fair comparison. Algorithms differ and while one might be faster with numbers as a password, another might well beat it with text or mixed characters.

Several hours, or a day or two or more might be needed with a longer password or if mixed characters are in the password. One would expect a program such as today's GOTD to work well and be relatively fast for its cost!

Given how these programs work, you might need to set up an exception with AV/resident anti-malware programs.

I use passwords that are at least 20 characters long, and have random combinations of upper case letters, lower case letters, symbols and numbers. The number of password choices at that point is a 40 digit number!

The age of the universe in mioroseconds is a 24-digit number. So, if you had started at the beginning of the universe and checked passwords on my archive at the rate of 1 million per second, you would be about half-way done by now.

Good luck trying to crack these archives either with this software or any other software, running on a PC or a server farm that can go through a billion or even quadrillion passwords a second. My archive will still be safe when the universe comes to an end!

As always, excellent comments; so passing on this based on slow speed and missing options. Thanks for opportunity!

Password recovery tools are the type of software closest to a scam. Whoever believes passwords can be cracked with such tools obviously have no idea what world they live in. Take this password for example:URr1tard33d
It would require 16 years to crack it assuming one hundred billion guesses per second. Good luck with this!

#4: "... It always amuses me when people say how weak the protection is in these types of files, they’ve obviously never tried to crack one that has a decent length of password!"

On your home laptop/PC it can be a bear, taking quite a long time. But as Fum (#3) mentioned, this is a task that GPUs excel at. Everything I've read says that thieves steal on-line or cloud server time -- Amazon's are allegedly favored because they give you GPU access. Many sources have published that stolen credit card numbers are a commodity sold in bulk at auction nowadays, so someone uses stolen credit card numbers to rent server time using fake ID & data. While it's supposed to be Very fast cracking passwords this way, because you're using someone else's servers at little or no actual cost, it wouldn't matter much if it took days -- it's not like your PC is tied up processing this stuff.

I could well be wrong, but AFAIK one reason password protected zip files may have a bad rep is that [at least years ago] if you knew or guessed at some of the contents that could be used to crack the password faster.

"About 10 years ago, a zip file protected by a long password contained information I needed to extract."

FWIW & in case it helps, one advantage of encrypted discs or virtual disks, e.g. Truecrypt, is that you have just one password to manage rather than one for every file. But you can get the same basic effect with individual files, like password protected zip or 7z, using the same 1st half for every password, then using something based on the filename for the 2nd half. It's not as secure as using a random password, & if someone figures out your method they have access to everything you've encrypted, but the odds are better that even many years later you'll still be able to decrypt the files. The 1/2 of the password based on the filename could be anything from the filename itself to something you got using some sort of cypher table, where every letter of the alphabet was assigned some character. You could also come up with a table where the character shifted depending on the date, or one of the letters in the filename etc., or use any other methods you can read about if you research cyphers/codes. Because there's a pattern *most* such codes can be cracked, but it might be a good alternative to having to manage a different random password for every one of dozens or hundred of files.

We can't really blame them for at least trying to bring sparkles of hope. IRL see: http://bit.ly/q7tUEA and for the megatesters amongst you. bite on this one: http://dl.dropbox.com/u/34828833/ashampoo-toegang.rar Ages from now you are still waiting for the outcome...
it's now 14:23

I've noticed that the "make it portable" brigade are now trying to justify their comments, lol

I downloaded a small RAR file the other day and forgot to check whether or not it was encrypted. Unfortunately, it was.

WOW I thought, seeing today’s offering, downloaded it, and using my Windows 7, quad core, 6 Gig of RAM computer, setting priority to ‘high’, waited for the password.

The RAR file was less than 7 kb in size, and now over 2 hours later, I am still waiting…..? Also worried that I didn’t include ‘symbols’ in my choices, so not looking good. Will update if it works, but definitely SLOW!

WinXP SP3 Installed and register ok .

My initial comment is that it is set to auto update , so in the future it will disable it self to a trial of finding only 3 password characters, unless you remember to go to tools and uncheck the auto update box .

In English "Lack" is a negative word , associated subconsciously with lacking to do something. So if I were them I would change their name "KryLack" to something else.

Not had a chance to experiment with it yet , but if it does what it says on the tin, then it is keeper.

I tested this prog with
- Win XP Pro @ Pentium 4/2,8 GHz, 2 GB RAM
- Win 7 64 Bit @ Core i7 U620 (mobile version), 4 GB RAM

Installation and activation on both systems without problems (Win 7: "Install as admin" for Setup.exe and Activate.exe!).

The speed of KRyLack Archive Password Recovery on both systems is horrible slow – compared with Elcom Soft Advanced Archive Password Recovery (very old version 4.50):

I made a 150 MB RAR with a 4 digit password (1234) and told both programs to try passwords from 0000 to 9999.

Results @ Pentium 4:

Elcom Soft Advanced Archive Password Recovery: 18 pws/min
KRyLack Archive Password Recovery: Less than 1 password/minute

Elcom Soft Advanced Archive Password Recovery got the password in 1 min + 8 secs.
KRyLack Archive Password Recovery got the pw after 44 minutes.

With the laptop with Core i7 KRyLack got the pw after 45 minutes.
The Core i7 U620 has 2 real cores = 4 virtual cores. The CPU Usage at the Core i7 was about 26 % (average), even the priority setting in CRyLack was "High". The CPU Usage at the Pentium 4 was about 75 % (priority setting "Medium").

Remember, the password was just 1234 and I told both programs to search for a password between 0000 and 9999. Now try to imagine how long KRylack needs to recover a password with unknown length, including Latin, caps, digits and symbols. Forget about it!

Sorry for my shitty little English and sorry to you KRyLack guys, your program is useless! Try to learn from Elcomsoft!

After installation and activation, a somewhat gaudy interface was presented.
To test, a zip file password protected by PK ZIP v2.0, the old standard, was handled with ease, running at over 4000 password per second, but surprisingly not taking full advantage of the CPU’s quad core capabilities.
When presented with a zip file protected using AES it informed me it could not handle it!

About 10 years ago, a zip file protected by a long password contained information I needed to extract. The program I was attempting to crack it with, was considered to be a particularly good one, it informed me that it could take up to 4000 years to crack. I cracked it, but I’m no Alan Turing, I did it using a “Known-plaintext Attack” and I cannot see that this method is available in this program, a zip files greatest vulnerability!

In testing an rar file it ran at about 18 password per second, both this and the zip file would tested using brute force.

It always amuses me when people say how weak the protection is in these types of files, they've obviously never tried to crack one that has a decent length of password!
If your government lets you, and you really need to be secure try PGP, now that’s secure.
Possibly this program would be some use if you have a collection of old protected zip files or rar files but other than that it doesn't seem to offer too much for the price.

No CUDA support. That makes this 10 times slower than cRARk. Seriously, GPU-password cracking is a must. Password cracking is the place where parallel processing works wonders.

The problem with this is its not very fast. Maybe its just my computer
(mid 2008) but I can only get about 20 password guesses per second.

I love password recover programs! I have some old RAR files that I compressed using passwords that I never wanted anyone else to be able to guess ... and then I forgot them myself. So I'm always playing around with programs like this. I'd love to see parallel processing on multi-core GPUs supported! That seems to be the wave of the future when it comes to password cracking. At least until quantum processors are available for household use. Thanks KryLack and GOTD!