Forgotten Password

Callahan83
Callahan83 used Ask the Experts™
on
Hello, I am having trouble in remembering a password for a *.jbc file, I remember 90% of the password, but I can’t remember how I ended the password, is there a programme or a method that I can use to recovery the password automatically? I understand this may take some time but I need access to file!

Many thanks

DP
ddp1983@msn.com
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dear Callahan83,

check out the http://www.lostpassword.com/bestcrypt.htm and/or http://www.lostpassword.com/recovery-options-enterprise.htm which both can handle .jbc format.

Kind regards,
Soren

Author

Commented:
Dear Soren,

This was my 1st idea but after installing the software, I found they do not support .jbc file even though it says on the site they do!
Brute force password cracking can be very time consuming. Unless the password is weak to begin with, it can take months, years, decades, centuries, millennia. Your better off using your intelligence and reason to at least develop some rules for password searching, such as total number of characters, total character set (is it alphanumeric, or does it contain special characters and punctuation marks. If so, what are the possibilities.)

People pick passwords according to a password style they have developed. It's a sort of language, related to the user's native language. The more you can restrict the search, the better the odds of finding the password.

Just think about how you make your passwords, or how you made this password. You probably at least know what characters you didn't use, because there are some characters any certain person will never use in a password.

After you've done your analysis, then look for a program that can accept rules for finding the password. There is no program in the world that is magic. If you analyze the situation, you'll find the password much faster than having a computer guess at every possibility.

I'll give you an example, for a 10 character password that could contain any of the 256 ASCII set characters, there would be roughly 28 million trillion possibilities. On the average, the password would be found after evaluating 14 million trillion possibilities. If a computer could process 1 million guesses per second, it would take 400,000 years, on average, to guess the password.

If you can narrow it down to 100 possible characters used 10 at a time, the same computer could, on the average, find the password in 110 days. If you could narrow the number of possible characters to 46 used 10 at a time, the same computer could find the password in an hour.
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Author

Commented:
Hello,

Thanks for the reply I understand what you’re saying and I have used my usually password word groups but the problem is I like to use ¬?@~ at the end of the password but I can remember what order or what shit combination I have used, I am sure I am only missing 3 characters of the password but I cannot remember which three, buy can get/buy one of these brute force programmes you mention? I have be able to get into the file anyway I have trying manual but I do not have the time as well.

Many thanks for your replies.
Top Expert 2007

Commented:
In the future use a good open source program like the free Keepass to store your passwords.

http://keepass.sourceforge.net

 I hope this helps !
Exec Consultant
Distinguished Expert 2018
Commented:
Passware Enterprise and Forensic Edition shd be able to handle Bestcrypt version 6, 7 and 8.
@http://www.lostpassword.com/recovery-options-enterprise.htm
@http://www.lostpassword.com/recovery-options-forensic.htm

The basic, standard, and Professional do not support bestcrypt.

It does Brute-force Recovery - Slow but you can input your known part into the "Pattern" box to reduce the time @ http://www.lostpassword.com/attacks.htm#known 

Other useful ref in JBC FAQ. @ http://www.jetico.com/support-bestcrypt-faq/

Excerpt:

BestCrypt does not store password anywhere on disk - neither inside container nor at other place.

BestCrypt v.8 allows users to create a backup copy of a container's header and to remove (wipe) the original header from the container file. The copy must be stored in a safe place, such as on a removable device. Without the header, it is absolutely impossible to access data inside the container, because the header stores the encryption key for the data. Password-guessing modules are not able to attack such "headless" containers.

BestCrypt reports that the file is not a valid BestCrypt container, when making just the first simple check of signatures at first 512 bytes of the container file.

If you have a backup copy of the container's header, you should restore the header from it. Using BestCrypt v8, it is possible to do so with 'Restore header from backup copy' command. If you are running Bestcrypt version 7, you should contact Jetico Technical Support and we will help you to restore the container.
I investigated this issue at some length. BestCrypt uses blowfish encryption. John The Ripper is a password recovery/security testing tool for Linux. It accepts rules, and character lists. It accepts partial passwords, total length of password, number of missing characters, positions of missing characters, and a few other password characteristics. Once you get the program set up, it should recover the password in a few minutes.

You can use the Knoppix live CD. You must download the CD image file (.iso file). You burn it to a blank cd, boot with it, and you have a linux operating system. I'll tell you how to install the program from within the Knoppix live CD environment: open a terminal window (command line terminal), and type 'su', without the single quotes.

Then type: 'nano /etc/apt/sources.list'. Place a '# ': pound sign and space in front of every line. Make a new line as follows: 'deb http://debian.uchicago.edu/debian/ testing main contrib non-free'

Hit CTRL+x, then y, and ENTER. Type at the command line: 'apt-get install john'.

The manual page for john, type  'man john'. This gives a brief description of the program. The documentation is in the directory: '/usr/share/doc/john'. Type 'cd /usr/share/doc/john'. Type 'ls' to see the directory contents (files). To open a '.gz' file, type: 'zcat file.gz | less'. Use the arrows to navigate in 'less'.

I cannot explain exactly how to use the program, because there are too many variables. You must read the documentation, and set up the program properly for your unique situation.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial