I think I’m missing something fundamental about password based data encryption.
A tool that cracks password hash based login authentication knows it’s found the correct password (or an alternate password that still matches the hash) when it successfully logs in. But how does a tool that cracks file or stream based encryption using a password as the source for a key know when it’s successful? It seems to me that different attempted passwords would turn an encrypted source stream into a different set of destination bytes, with a particular password generating the ‘correct’ set of bytes. I don’t understand how a cracking tool would recognize that it had the correct unencrypted set of bytes, stop trying and report ‘Cracked!’.
Most of the time the plain text uses a known pattern. If it would be fully randomized then the attacker cannot distinguish between success and failure. It could be that a set of keys may be returned, of which only one is correct. That said, most plain text contains enough information (like a longer piece of English text) to distinguish a correct key from the wrong one.
Furthermore, the encryption mode may leak enough information to distinguish between the plain text and random text. Block cipher modes – such as ECB and CBC – in particular may use some kind of plain text padding. This padding is added before block encryption, and generally contains identifiable information. Take a look at the PKCS#5/7 padding mode for instance.
Note that encryption algorithms themselves are required to even withstand known plain text attacks, so finding the key should be impossible even if you already know what the decrypted text looks like. However, using passwords weakens the amount of valid keys for modern cryptographic ciphers, so the strength of the password is of utmost importance.