The Russian software company, ElcomSoft, has developed a tool capable of recovering iWork passwords from Apple Numbers, Pages, and Keynote applications. According to ElcomSoft, ‘Distributed Password Recovery’ is the first commercially available tool with this capacity.
The tool works by performing a distributed, brute force dictionary attack against user-selectable passwords. Its just the latest effort by the Russian firm, which has previously released tools for breaking the encryption used to protect data on Apple iPhone and RIM Blackberry devices.
ElcomSoft claims this tool gives forensics experts the ability to access a vast array of encrypted evidence.
“The recovery process is painfully slow,” ElcomSoft CTO, Andy Malyshev, said in a statement. “Apple used strong AES encryption with128-bit keys, which makes password attack the only feasible solution.
To do that, Elcomsoft developed what it calls “advanced dictionary attacks” that can speed the process of guessing the right password. Together with distributed computing power, the Elcomsoft tool makes it possible to retrieve iWord passwords.
“We’re currently able to try several hundred password combinations per second on an average CPU. This is slow, and thus only distributed attacks can be used to achieve a reasonable recovery time. (But) our product’s advanced dictionary attacks help recover a significant share of these passwords in reasonable time frame,” the company said in a statement.
Threatpost reached out to Apple, but they did not immediately respond to a request for comment.