A Pickle

Computer says no.

 

What's the maximum time you're willing to wait to reach step 4? 1 year? 5 years? 30 years? That may seem like a silly question, but it's actually very important.

What's the maximum amount of effort you're willing to put into the first 3 steps? Again, it's very important to get a realistic answer to this.

People with no experience in these matters (learning to program well, and password cracking) frequently underestimate the skill or time actually needed.

I've got over 20 years of programming experience, including at least 5 years in security, and writing a password cracker would not be something I would undertake as blithely as you seem to propose.

Personally, I would have taken great pains up front to make sure my password wasn't lost, or intentionally set a shorter and more easily crackable one, but it's too late for that now.

That doesn't even seem like a practical design, so after you learn the programming language and have some skill in writing real-world programms, you'll have to study password cracking more earnestly, otherwise you'll really be wasting your time. And I don't just mean wasting a month or two, I mean like wasting a few millenia by using a poor algorithm, or a poor implementation, or a poor design.

For example, you should start by reading this Ars Technica article.

 

It depends. Among other things it helps me avoid stupid mistakes like using the same password on multiple accounts. Or at least I understand the risks of doing so, and I don't waste time using strong passwords on accounts with low risk (such as my MacRumors account).

The main thing is I always ask myself, "What's the worst that can happen?", and because I know some of the things that can happen, and how those might be recovered from (or not recovered from), it guides me in putting effort into the things that matter. Like recovering passwords for a phone, or choosing an admin password for a local machine (as distinct from a portable machine).

It's also good to know about really basic stuff, such as the likelihood of a disk failure and losing data is far higher than the risk of an online password compromise. So safeguarding data is more about making backups and being sensible than it is about being super-security-aware.

 

It would be much easier to attack the iTunes backup files directly, and not program a GUI or have your app interact with iTunes. Those tasks are a serious waste of time, and interacting with iTunes would frankly be a nightmare.

There are some details about how iTunes backups are encrypted here: http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf

But seriously, start with smaller goals.