[voxxit]

It is probably just a concatenated string of his credit card number or social security number and random words. I wonder if they are currently trying to crack it using some kind of dictionary brute force mechanism, or if there is some kind of lock out enabled after five tries.

[aidenn0]

If they have physical access, then there is no effective lock-out mechanism. Presumably they can determine which encryption software is used, and can use the algorithm as many times as they want.