High performance password cracking for encrypted file recovery, compliance audits, and penetration testing. KoreLogic provides highly skilled cyber security services to Fortune 100 companies and the U.S. Government.

Password Recovery Service

This service provides you with the ability to:

  • Recover access to locked business-critical documents.
  • Quantify reduction in security risk from discovering and removing weak passwords used throughout your enterprise.

Since 2009, KoreLogic's password cracking team, led by Rick Redman (a recognized expert in sophisticated password cracking), has played a critical role in improving the methods, techniques and tools used to crack password hashes. This expertise is integral to the PRS's ability to unlock hard-to-recover passwords and provide means to easily and repeatably audit enterprise password compliance, where conventional password cracking tools and services often fall short or deliver fewer results.

Examples of PRS In Action


KoreLogic provides PRS to Fortune 500 firms, small businesses and to individuals such as described below:

  • Fortune 500 Legal Team: Asked to recover encrypted files from a CD used by a former employee of an acquired company. We reverse-engineered the proprietary encryption used on the CD to gain access to the files.
  • Law Firm: A firm was processing thousands of password-protected Microsoft Office and PDF documents for eDiscovery. After the firm's use of a commercial password cracking software proved ineffective, they engaged KoreLogic's PRS. We accomplished more in days than they had managed in months.
  • Fortune 500 Food and Beverage Company: Cracked 99.8% of 260,000 password hashes. Passwords complied with documented policies, but those policies did not prevent major trends and predictable user behavior. Also identified administrators abusing their privileges to reuse passwords, evading password history controls.
  • Small Business Owner: A couple ran a small business together; one partner did all the bookkeeping and kept all their business and personal financial account information in an encrypted spreadsheet. That partner passed away suddenly. We were able to decrypt that spreadsheet so that their spouse could regain access to their shared accounts.
  • A Major Retailer: Leveraged PRS to get an understanding of their user compliance and to satisfy audit requirements. 84% of the organizations' 11,000 user passwords were found in 24 hours, leading to policy change discussions that ended with a revamp of their security policies.
  • Taxpayer: A private citizen was being audited by the Internal Revenue Service (IRS) and urgently needed to access 2 encrypted PDF files which contained information related to the audit. The citizen had lost the passwords for the encrypted documents and had unsuccessfully tried to guess them. PRS recovered the passwords in minutes and the citizen was able to open the files.

Quantifying The Risk Posed By Weak Passwords


Access to digital assets often depend on passwords chosen by end users - history shows that to be problematic. Despite having otherwise effective security controls, one weak user/administrator password typically is all an attacker needs for a toehold.

PRS helps improve security and compliance by:

  • Identifying password patterns which, if eliminated, increases resistance to attack
  • Providing insight into how passwords are being chosen by users and how to improve them
  • Providing evidence of compliance with your password related policies
  • Mapping historical data to trend user and administrator compliance with password policies

Recovery Of Password-protected Files


PRS can recover plaintext passwords for encrypted files (e.g., PDF, Microsoft Office documents, archives such as ZIP, etc.) for any number of possible legitimate uses such as restoring access to password protected documents containing critical information, supporting internal investigations, eDiscovery requests, etc.

Requesting PRS


Our goal is to make password recovery accessible for everyone from individuals and small businesses to the Fortune 100. Pricing is primarily a function of the amount of processing time desired, which in turn depends on the hash algorithms or file types, urgency, number of accounts or files to be recovered, etc.

  • For individuals or one-time engagements, we support payment via PayPal.
  • Enterprise customers may prefer to enter into a traditional contract arrangement, use the service on a recurring basis, etc.
  • We will require some attestation in writing that you have legal right to the password/file and that you are not engaging or causing KoreLogic to engage in any illegal activity.
  • For engagements such as recurring enterprise-wide password cracking and reporting, we may deploy a hardware or virtual appliance on customer premises; contact us for more details.
Contact the PRS Team [PGP key] with a brief description of your password or file recovery needs.