Security: Encryption: Encryption crackers

Encryption algorithms in most popular programs (Word, Excel, Wordperfect, PK-ZIP, and so on) are usually very weak, even though the manual often claims that you will never be able to get at the document without the password.

You should not rely on any program for which the algorithm is not publicly available. Many of the popular ciphers are very insecure, and rely on the fact that the details of the cipher are unknown, which can have devastating effects if someone discovers the trick. PGP is a positive exception.

Below you will find links to cracking programs for the most popular commercial or shareware programs. Note that cracking software may be illegal depending on your jurisdiction.

I ignore all e-mail regarding requests for crackers for programs which are not in the list below. Please check the FTP archives listed below instead.


Disclaimer: The programs listed in this document have not been tested by me, and I cannot guarantee that they will work on your system without problems. Use at your own risk!

[*] PK-ZIP
PK-ZIP, the most popular compression utility for the PC. Three programs are available to recover the key used to encrypt ZIP archives: PKZip Cracker, ZIP Crack, and Fast Zipcrack. A more general site dealing with PKZIP is also available.
[*] MS-Word
Microsoft Word also has a built-in encryption feature. A cracker is available.
[*] Wordperfect
Wordperfect's encryption scheme isn't very secure either. There are two crackers (one for version 4.2 and one for later versions).
[*] Unix passwords
Unix password cracking programs are available from CERT. Also see the archive at my university.
[+] Security: Encryption: Pretty Good Privacy
PGP is a file encryption program which is generally considered unbreakable. It is used extensively on the Internet, available for almost every platform and is required for anonymous remailers. It can also create digital signatures, which makes it easy to detect forgeries.
[+] Security: Encryption: Disk encryption
While a program such as PGP is good to encrypt e-mail or individual files, it is less useful to protect the contents of your entire hard disk. Even if you never forget to re-encrypt and wipe every file after use, editors and other programs may leave temporary files behind. If you encrypt the whole hard disk at once (similar to how Stacker or DriveSpace compress it), you don't have to worry about that anymore.

Please note that the FTP archive for these programs is mirrored on many sites. I have provided links to ftp.funet.fi:/pub/crypt/analysis. An other good site is ftp.ox.ac.uk:/pub/crypto/cryptanalysis. There are also crackers for other programs there.

