<< Click to Display Table of Contents >> Navigation:  System and Data Recovery Programs > Elcomsoft Password Digger > Introduction

Elcomsoft Password Digger (EPD) is a Windows tool to decrypt information stored in the macOS keychain. The tool dumps the content of an encrypted keychain into a plain XML file for easy viewing and analysis. One-click dictionary building offers the ability to dump all passwords from the keychain into a plain text file, producing a custom dictionary for password recovery tools. A custom dictionary containing all user passwords can be used to speed up password recovery when breaking encrypted documents or backups. Both system and user keychains can be decrypted.

 

Mac OS X uses keychain to manage system-wide and user passwords. System passwords are stored in the system keychain and include Wi-Fi passwords.

 

User keychain can contain highly sensitive authentication information such as passwords to Web sites and accounts (including the user’s Apple ID password), VPN, RDP, FTP and SSH passwords, passwords to mail accounts including Gmail and Microsoft Exchange, passwords to network shares, and iWork document passwords. Third-party applications can store sensitive information in the keychain. In addition, the keychain may contain private keys, certificates, authentication tokens, and secure notes. Information stored in the keychain is securely encrypted.

 

While Apple provides Keychain Access, a built-in utility for viewing keychain items, using Keychain Access is less than convenient as the user has to re-enter the password for accessing each individual record.

 

Elcomsoft Password Digger dumps information from Mac OS keychain into a plain, decrypted XML file that can be imported into any XML-enabled tool including Microsoft Excel for easily viewing keychain items.