Gentoo Forums
Encrypted files + Lost pastword == :'(
skag
n00b
Joined: 11 Feb 2005
Posts: 14

Posted: Thu Feb 24, 2005 3:58 am    Post subject: Encrypted files + Lost pastword == :'(

Hi, I hope this post isn’t inappropriate (but I would rather post here than some other questionable sites). I have a few mcrypt files that I have forgotten the password to :(. The files aren’t absolutely vital, but I would like to recover them. The password is not a strong password (heh, I specifically used something easy that I would remember ;) ). The encryption was more of a deterrent endeavor as the files were temporarily on a foreign host.

Thanks in advance for any suggestions.
_never_
Apprentice
Joined: 10 Jun 2004
Posts: 285
Location: BW, Germany

Posted: Thu Feb 24, 2005 4:38 am

Depending on the cipher used and the length of your password, you might have a chance to recover them. If you used an older cipher with known weaknesses like DES (you shouldn't be!), then chances are that you could exploit those. But this is a mathematical task and there aren't many programs around to do such a thing automatically. Mostly this isn't even possible.

However, if you used a strong cipher (one without known weaknesses for a long time) like AES or Blowfish, there isn't much hope. You'll end up bruteforcing the files. Then it depends on the program used. Most, if not all, commercial programs store some kind of checksum of the passphrase used, so they can pop up those "wrong password" notices. If this is the case, you can check against this checksum. Otherwise you need some string found in the original (unencrypted) file. Then you decrypt the whole file with different passwords and check for this string. If it's found, you most likely have found the correct passphrase.

There are programs around to do this automatically. If your program stores MD5 hashes of the passwords, then you might be able to extract this checksum from the file and run John the Ripper against it. Here is a realistic overview of how long it will take on my computer (a Duron 1.6 GHz, 256 MB DDRam) if only lowercase characters and spaces are used in the passphrase. My machine does 4500 checks/second with MD5.

Code:
Characters  -  Duration
  1         -  3 msecs     
  2         -  81 msecs
  3         -  2.2 secs   
  4         -  59 secs
  5         -  26.6 minutes
  6         -  12 hours
  7         -  13.5 days
  8         -  1 year
  9         -  26.8 years
 10         -  724.9 years

_________________
Knowledge is Power.
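
The timing table in the reply above can be reproduced with a short calculation; this is an added example, not part of the original post. It assumes the figures are expected (half-keyspace) times for passphrases of exactly n characters over 27 symbols at 4500 checks/second, and all function names are made up for this illustration.

```python
# Added example: keyspace/time estimate behind the table in the post above.
# Assumption: each figure is the *expected* time, i.e. half the keyspace
# for passphrases of exactly n characters, tested at a fixed rate.
import string

ALPHABET = string.ascii_lowercase + " "   # 27 symbols, as stated in the post
RATE = 4500                               # checks per second, as stated in the post

UNITS = [("years", 365.25 * 86400), ("days", 86400), ("hours", 3600),
         ("minutes", 60), ("secs", 1), ("msecs", 1e-3)]


def expected_seconds(length, alphabet_size=len(ALPHABET), rate=RATE):
    """Average time to hit one passphrase of exactly `length` symbols."""
    keyspace = alphabet_size ** length
    return keyspace / 2 / rate


def cumulative_seconds(max_length, alphabet_size=len(ALPHABET), rate=RATE):
    """Worst case when the length is unknown: every length up to max_length."""
    total = sum(alphabet_size ** n for n in range(1, max_length + 1))
    return total / rate


def humanize(seconds):
    """Render a duration in the largest unit that gives a value >= 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds * 1000:.1f} msecs"


def table(max_length=10, alphabet_size=len(ALPHABET), rate=RATE):
    """Rows of (length, expected duration) for lengths 1..max_length."""
    return [(n, humanize(expected_seconds(n, alphabet_size, rate)))
            for n in range(1, max_length + 1)]


if __name__ == "__main__":
    print("Characters  -  Expected duration (27 symbols, 4500 checks/s)")
    for n, text in table():
        print(f"{n:>3}         -  {text}")
    # Same rate, but mixed-case letters plus digits (62 symbols), 8 characters:
    print("62 symbols, 8 chars:", humanize(expected_seconds(8, 62)))
    print("unknown length <= 8:", humanize(cumulative_seconds(8)))
```

Each extra character multiplies the work by the alphabet size (27 here), which is why the table jumps from days to centuries within three rows.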
All times are GMT