Password Recovery Service

Password cracking for penetration tests and compliance audits, encrypted file cracking.

Since 2009, KoreLogic's password cracking team, led by Rick Redman (a recognized expert in advanced password cracking), has played a critical role in improving the methods, techniques and tools used to crack password hashes. This expertise is integral to the Password Recovery Service (PRS)'s ability to unlock hard-to-recover passwords where conventional password cracking tools and services often fall short or deliver fewer results.

Quantifying The Risk Posed By Weak Passwords


Access to our digital assets often depend on passwords chosen by end users - history shows that to be problematic. Despite having otherwise effective security controls, one weak user/administrator password typically is all an attacker needs for a toehold.

PRS helps reduce security and compliance risk by:

  • Identifying password patterns which, if eliminated, increases resistance to attack
  • Providing insight into how passwords are being chosen by users and how to improve them
  • Providing evidence of compliance
  • Recovering credentials of users who are no longer with the company

Recovery Of Password-protected Files


PRS can recover plaintext passwords for encrypted documents (e.g., PDF) and/or archives (e.g., ZIP) for any number of possible legitimate uses such as restoring access to password protected documents containing critical information, supporting internal investigations, eDiscovery requests, etc.

Examples of PRS In Action


  • Fortune 500 Legal Team: Asked to recover encrypted files from a CD used by a former employee of an acquired company.
  • Law Firm: After law firm's use of a commercial password cracking software proved ineffective, asked KoreLogic to recover passwords from thousands of Microsoft Office and PDF documents in support of a discovery effort.
  • Compliance Audit for Fortune 500 Firm: Tested 11,000 password hashes and recovered 82% of the passwords even though all of the passwords met or exceeded the company's password policy. Provided the client with a list of accounts that used a common, shared password and weak administrator password