I think some people are suspicious that you're pretending abstract
curiosity about how a particular file protection works, while the real
situation is that you have someone's protected file and want to crack it.
I suspect the same thing, but I don't mind telling you to look at
http://www.crak.com for commercial cracking tools and services.

On Fri, 26 Dec 2003 12:46:37 -0500, Nathan Gutman <ngutman@cshore.com
wrote:

I am retired engineer and got intrigued by the different password
recovery software. Would like to learn how to write in Visual Basic
some programs like that myself.
For example, for starters would like to learn how recover a VBA
Project password.
Where would I have to go to find where is such password stored?
What scheme would I have to use to find what that password was?

When you are trying to recovery a password/passphrase from a computer
application, the first step is to look for a means of simply bypassing
the encryption. This happened with a simple Mac shareware that
protected files with a password, but stored the data file unencrypted.
So you simply had to extract the original data from the "protected"
file.

Next you typically want to find what method the software is using to
encrypt the file. For this you likely need to get into software
reverse engineering, such as using a run time debugger.

You might find Joe Peschel's website useful for learning,
http://members.aol.com/jpeschel/index.htm> and maybe (I haven't read
it) _Hacker Disassembling Uncovered_ by Kris Kaspersky et all, ISBN:
1931769222 a useful introduction to disassembling and reverse
engineering.

"Nathan Gutman" <ngutman@cshore.com> wrote in message
news:lh0uuv4g6jqsbhbhi5lcaootltslvk3f62@4ax.com...
My thanks to msbob for directing me to Joe Peschel's most interesting
website and for providing a book title to read.
I am though perplexed by the few negative responses. What's wrong with
someone interested to learn about password recovery? Many before me
did it and must have followed a path similar to mine.The only reason
that I seem to focus on VB/VBA is that these are the languages that I
am somewhat familiar with which might help to shorten the learning
curve.

This parallels that whitehat/blackhat hacker arguments.

That is, is it ok to hack someones box to learn how the system works? Or
should I only hack my own box? How do we know that the file you are trying
to decrypt doesn't belong to someone you stole it from?

Plus as was pointed out, if you want to learn real cryptography than
"password recovery" is not the place to start. Start leacorning the
terminology [several good intro books on the subject including Applied
Crypto [2nd ed.] by Schneier]. Then jump into your field of interest [there
are many within crypto ranging from the highly theoretic to highly
practical].

Tom

You say that there are books on the subject but do not offer too many
titles.

Nathan Gutman <ngutman@cshore.com> writes:
You say that there are books on the subject but do not offer too many
titles.

He suggested Applied Cryptography by Bruce Schneier. That's the
standard suggestion around here for people wanting to learn about
crypto implementation, which is what you expressed interest in, so
that's where you should start. It has a good bibliography if you want
to go further.

If you have a different crypto-related interest, say what it is and
maybe someone can suggest a more appropriate book for you.

news:rg2vuv4cjfu9q083e8mvc3itlnaqd4vteg@4ax.com...
You say that there are books on the subject but do not offer too many
titles.
If I am here talking to the wrong group and bending some out of shape
can you suggest a different group to talk to?