Passware Kit Standard 2015 Review
Passware Kit Standard 2015 Review.
Have you ever found a document, perhaps old taxes, stored on a disc someplace, that you suddenly found yourself requiring access to but can not for the life you remember what the password you used back then was?! I think it would be fair to say that I’m not the only one to have been locked out of my own old documents this way. That was only one example and there are many other situations like it but thankfully Passware recognized this very real problem and have addressed it with Passware Kit Standard 2015! Not only have they presented us a solution for this issue, they’ve done it in a rather simple way. It may take some time, but the program does the heavy lifting.
The installation process is standard with no extra toolbars or potentially unwanted bundled deals to watch out for. If you want to sign up for their emailed newsletters you may opt-in to do so at the end. It isn’t selected by default so you can ignore it otherwise.
After launching the Passware Recovery Kit you’ll be greeted by a program window similar to the one shown below. It has a few options available, one which we won’t cover in this review “Reset Windows Administrator Password” but if you want to read more on that function feel free to check out the review we did on Windows Key.
The ‘Quick Start’ area of the main interface seems a bit redundant to me but I suppose it’s better than being blank. I also found the placement of ‘Recover File Password’ slightly odd as ‘Find Encrypted Files’ could be the logical starting point. That may just be me though, after all file password recovery IS the primary focus of the program so I can’t really complain…much.
There are a few different editions of the Passware Kit. All three support a variety of file types though each one builds upon the list of the others. Depending on what file types you need to recover you might be able to get away with the Basic edition which includes most of the MS Office file types. If you need to work on a PDF, Access, Outlook or a compressed archive though the standard version will be the one you want. Professional adds support for things like MS Money, QuickBooks and FileMaker among others. It also includes support for resetting Live ID passwords.
As the scan to ‘Find Encrypted Files’ seemed the logical first step to me, that’s the one I selected. At this point I had seeded a small document saved twice with two different encryption types. In addition to that I created it using a third party app which also handles MS Office files to see if would still be found and recovered. The password for these was the same, very simple, and only three characters in length to make the test fast. (123)
A few moments later it displayed a list of password protected files including the two I had seeded. It turns out the program comes with a couple of ‘samples’ which were also displayed. As I noticed the samples they provided were similar to the range I had included in the two seeded files I also added a third document saved as a 2010 .docx and re-initiated the scan. It still found the newer format as shown below.
It shows the file name followed by the location and the recovery options available. There is more information to be seen upon scrolling over. Most of it isn’t likely to mean much for general users but the Date Modified and File Sizes may be useful in identifying the correct files. The ‘Recovery Options’ tab can also be very useful as it displays the supported methods available for recovering the password.
There is a small list of actions available on the left and you can also right click for a few extra options. My next step was to select the three documents I had added and recover the passwords to see it in action.
Which is when I ran into one of the demo limits. Only one file can be processed at a time.
So I went back and selected *just* the 2010 version of the document as it was likely to be the most difficult of the three. This took me to another screen with some extra information and three new options.
Starting with the ‘Run Wizard’ option you see a screen that allows you to select between a few different options assuming you can provide any clues onto what the password might contain starting with ‘One dictionary word’.
Oops none of these options seemed appropriate for my number only password! If I didn’t know better I’d swear I had loaded the program first and saw this exclusion and done it on purpose. I actually hadn’t but it certainly seems like a good option to add here now! That left the ‘Other’ option and so that is what I went with. It asks for a little more input here though I did go back and test with some others. Using the Predefined Settings took me straight to the recovery process. Advanced displayed similar pages but usually with a different set of options available here and there. Regardless even the standard dictionary word attacks got this easy number only password quickly. It’s important to note that the program only comes with a few language dictionaries such as Arabic, Dutch, English, French, German, Italian, Portuguese, Russian and Spanish though it does allow you to add your own and even download more. Currently there is only one other package I saw available from the page the software loaded with a large dictionary of ‘Frequent Passwords’ that is 174 MB in size.
Considering the password I used was only three characters in length I think they might want to rethink this page. Once again though it is actually unlikely that any actual password would only be three characters long, let alone all numbers. (I would hope) so I can’t fault them for ‘expecting’ the passcode to be longer and thus creating this screen. I was aware of this limit from the download page so that’s why I chose it. I had intended to spend my time doing the other two but not much was different.
The Advanced page was set up a little differently and it won’t likely be easily useful for a majority of users without first reading a bit. They’ve done a good job separating the options in the list and even added a tutorial link in the actions which should be helpful. This link will launch a browser to a page containing a flash tutorial. Clicking on any option in the list will display some more information in the details area found to the left where they explain things better than I could.
There is a different aspect available in the program I would like to cover. If you happen to stumble across any of the supported formats there will be a prompt like the one below. They have an option to upload (part of) the file to servers they have dedicated to decryption. This allows them to expend some amazing resources to the fast decryption of your file. I don’t mean to say that you can’t preform the same key retrieval from your system but using this service will be MUCH faster. This service is called ‘Decryptum’ and only works for files from MS Word and Excel 97 up to 2003. After uploading part of the file it should show you a preview so you can verify that the one you’re trying to open is the one you need. The demo doesn’t come with any credits so I wasn’t able to test it myself but it does sound quite nice. It does have its limits and if you purchase the Password Recovery Kit Standard it only comes with one credit for Decryptum but these can be purchased separately if you are in a hurry.
I had started testing a much more difficult password in an effort to see how long it might take but I quickly ran into another demo limitation. The recovery process can only work for up to one minute! I wasn’t very happy about that as it only shows the first three characters in the demo anyway. I’m not sure why they felt the need to make the timeout so low as the slow brute forcing method is likely to take much longer than say even ten minutes. I can understand not allowing the process to go on for hours and hours or even days, weeks or months and then leaving the user with only three characters resulting in having them be really upset.
There is only one other section to touch on, ‘Internet & Network’ password recovery. This page was fairly self explanatory with only seven options to choose from. The Outlook Data and Remote Desktop recovery pages require you to browse to the relevant file while most will begin the attack themselves.
The system requirements are not very high but obviously are only the minimums. If you have access to a PC with a faster processor or GPU you should consider using it on that one.
1) Microsoft Windows Vista, Server 2003/2008/2012, or 7/8
2) 1 GHz processor
3) 512 MB of RAM
4) 150 MB of free hard disk space (more if you use custom dictionaries)
5) 1 GB RAM for each GPU card.
Conclusion and final thoughts:
As far as functionality goes, the program handles more than I thought it would. It has definitely improved over the years though it might be hard to get more than a general impression of how the full version would work using the demo. The first three characters being shown for the recovered passwords, while annoying, is understandable. The minute cutoff line for the attack is a bit low and barely gives the user time to process everything that is happening on the screen before getting a demo popup aborting the process. The user might have to restart it a couple of times to see all the information shown while it is active. Generally though the program does a good job of identifying and processing the files, allowing you to customize the ‘attacks’ and even add rainbow tables.
Be warned though that depending on the password, the program may need to run for hours, days, even weeks or months! The longer and more complex the password, the longer the program will take. This is due to the nature of encryption when there are no known weaknesses to exploit, each variation for every length must be tried. This is why the programs takes the users through the prompts hoping you’ll be able to narrow things down. It’ll do the hard work but it won’t likely be nearly instant like the weak password I tested above (123).
Does what it promises and even included a few features I wouldn't have expected.
Support for GPU usage!
Demo limit for one minute on attacks is a tad silly.