A Russian security company has released a software tool that will allow users to recover lost passwords or change forgotten ones.

Elcomsoft's latest upgrade to its Distributed Password Recovery (EDPR) product increases the speed at which passwords can potentially be recovered from the hard disk with PGP encryption, said Olga Koksharova, Elcomsoft's marketing and sales director.

EDPR lets administrators use off-the-shelf graphics cards from Nvidia to crack passwords, taking advantage of the parallel processing capability that can figure out passwords or encryption keys much faster than desktop CPUs.

The update adds GPU acceleration, which Elcomsoft says speeds up password recovery between 10 to 200 times more than using only desktop CPUs. A single Nvidia GeForce GTX 295 using EDPR can work about 15 times faster than an Intel Q6600 Core 2 Quad 2.4 GHz chip, the company said.

Scaling up, four Nvidia GeForce GTX 295 cards can brute-force 500,000 passwords per second using EDPR, Koksharova said.

But Elcomsoft's software can't necessarily recover every password, since it depends on the password's length and complexity. For example, an eight-character password consisting of only lower-case characters is likely recoverable, but the chances of recovery are slimmer for a nine-character one that includes a special symbol.

Overall, PGP disk encryption is very secure, Koksharova said. PGP uses 256-bit AES (Advanced Encryption Standard) keys for its whole-disk product. But studies show that people are relatively lazy about passwords, often making them easy to guess or too short.

Elcomsoft's software is legal to use as long as an administrator has proper permission to use it on machines. EDPR starts at £599 for use on 20 client machines.

The Elcomsoft release follows hot on the heels of Lenovo, which launched a similar password management tool earlier this week.