Cracking Apple iWork Encyrption

Tuesday, February 14, 2012 @ 12:02 PM gHale

Apple has done a great job at encrypting passwords in iWork documents, but one company is now able to apply a distributed attack approach to recover lost passwords.

This makes Distributed Password Recovery the first tool to recover passwords for Numbers, Pages and Keynote apps, said ElcomSoft officials.

RELATED STORIES
Botnet Taken Down, then Resurfaces
Malware with Customer Support
New Software Cuts Costs, Risk
Scanner Email Hides Malware

“The recovery process is painfully slow”, said Andy Malyshev, ElcomSoft chief technology officer. “Apple used strong AES encryption with 128-bit keys, which makes password attack the only feasible solution. We’re currently able to try several hundred password combinations per second on an average CPU. This is slow, and thus only distributed attacks can be used to achieve a reasonable recovery time. However, the human factor and our product’s advanced dictionary attacks help recover a significant share of these passwords in reasonable timeframe.”

With strong encryption and long keys, an attack on encryption keys is not feasible as long as the encryption uses proper implementation. Therefore, Elcomsoft Distributed Password Recovery handles the case by performing an attack against user-selectable passwords, attempting to recover the original plain-text password.

Considering the very nature of iWork as an inexpensive, simple-to-use, consumer-oriented product, chances of hitting the right password by executing a distributed dictionary attack are good.

Here are some features of the program:
• Hardware acceleration (patent pending) reduces password recovery time by a factor of 50
• Support for NVIDIA CUDA cards, ATI Radeon and Tableau TACC1441 hardware accelerators
• Linear scalability with no overhead allows using up to 10,000 workstations without performance drop-off
• Allows up to 64 CPUs or CPU cores and up to 32 GPUs per processing node
• Broad compatibility recovers document and system passwords to various file formats (click for the complete list of formats)
• Brute-force and dictionary attacks
• Distributed password recovery over LAN, Internet or both
• Console management for flexible control from any networked PC
• Plug-in architecture allows for additional file formats
• Schedule support for flexible load balancing
• Minimum bandwidth utilization saves network resources and ensures zero scalability overhead
• Storing all discovered passwords, forming a separate/internal dictionary (password cache)