Korelogic Logo
Solving Your Complex Core
Business Risks In An Innovative,
Pragmatic, Cost-Effective Way
  Check out the KoreLogic Blog  

Analytical Solutions :
Password Recovery Service

Confidential intellectual property, networks, and systems depend on passwords chosen by end users. As managers, you must rely on your users to not place company assets at risk.  At the same time, business functions are increasingly relying on password protected documents as a means to secure sensitive data, yet there are virtually no controls in place to ensure that the passwords used to protect those documents are adequate.

In many cases, little is done to enforce password standards beyond basic complexity controls built into authentication mechanisms.  Your firm can have strong security controls, but all it takes to open up your intellectual property to an intruder is one weak user/administrator password.

To manage the risks associated with both of these scenarios, you need insight into how passwords are being chosen. KoreLogic’s Password Recovery Service was established to help quantify the risk for your organization and help you address these gaps as well as:

  • Provide a secure method of outsourcing password audits providing a baseline of password strength and analysis of complexity.

  • Equip security departments with the information needed to train end users on how to create stronger, more complex passwords.

  • Equip security departments with the information needed to evaluate risks associated with the company's current password policy.

  • Recover plaintext passwords for any number of possible legitimate uses such as auditing password complexity, identifying end users for additional training, supporting internal investigations, obtaining credentials for users who are no longer with the company, etc.

  • Recover plaintext passwords for encrypted documents (e.g., PDF) and/or archives (e.g., ZIP) for any number of possible legitimate uses such as restoring access to password protected documents containing critical information, supporting internal investigations and/or eDiscovery requests, etc.

Why KoreLogic’s Password Recovery Service?

Until now, there have been three basic options when it comes to password security:

  • Establish password complexity requirements, perform no audits, and hope for the best.

  • Purchase hardware/software and perform the audit yourself. This approach will likely recover the short and common hashes, but fail to crack the longer, more complex passwords. The typical recovery rate for this approach is around 10-20%.

  • Use an untrusted third party and/or cloud-based provider who cannot guarantee control of your intellectual property.

Why take those chances?

KoreLogic's password recovery service is done in a highly secure manner by experts who are well known in the industry, published and trusted by the password cracking community for a wealth and diversity of knowledge. KoreLogic has been collecting patterns and developing custom rules/wordlists to maximize cracking results for nearly a decade.

Additionally, KoreLogic has been funded by the Defense Advanced Research Projects Agency (DARPA) to conduct research and build innovative solutions aimed at reducing and/or eliminating the security risks mentioned above. You can trust that KoreLogic will keep your data safe and deliver a quality product with expected results.


Confidentiality and Security

KoreLogic takes security seriously. All KoreLogic systems used to distribute and/or crack any password hashes are:

  • Owned, hardened and operated by KoreLogic (cloud-based or third party systems are never used).

  • Deployed in physically secured environments with 24/7/365 surveillance requiring badge access and/or biometric authentication. Also, digitally monitored 24/7/365 by KoreLogic engineers.

  • Protected using encrypted protocols (e.g., SSL, SSH, etc.) and media (e.g., AES-encrypted drives).

Additionally, candidate hashes, documents, and any other client-supplied data are only stored within KoreLogic's proprietary cracking grid for the duration of the work order. These items are explicity purged once the work order has ended.

For detail on Service and to read related Case Studies, Click Here.

Our team will work with you to determine and shape services to your specific needs, utilize your requirements to determine your level of business risk, and provide you with practical technical data and remediation approaches that address your specific business objectives.

Our seasoned consultants will leverage their depth of experience and will employ an approach that demystifies and translates the technical, social, and political complexities of information security into data that your staff will understand and use.

Korelogic Differentiators

Best practices from KoreLogic's R&D team and real world experience.

Exclusive focus on security R&D and security services.

Expert Methodology.
KoreLogic utilizes real-world and proven analysis protocols. We can think and act like skilled hackers.

Client Relationship.
High renewal and strong references. We interact seamlessly with our clients' management, internal audit, legal and technical staff.

KoreLogic recommends only what is best for the client - period.



Please contact us if you would like more information about our services, tools, or careers with us.
Privacy Policy : Disclosure Policy [pdf] [txt] : Copyright 2015. KoreLogic Security. All rights reserved