Password Search FAQ
Algorithms (e.g. SHA256, SHA512, AES) and methods (e.g. PBKDF2) used in modern software are quite strong. Hashing algorithms are commonly applied multiple times, making known cryptanalysis research methods inapplicable. Passwords are usually salted (random values are added) in order to block preimage attacks and the generation of rainbow tables. Password search is therefore the only real option in such cases, and our goal is to provide you with highly optimized tools with a very flexible search pattern setup.
Password search is a guessing game: your password can be as simple as "1234", for example, but an alphabetic-only search is not going to be successful in any timeframe, whereas a digits-based search is expected to be quite fast. There are multiple ways to search for the same password, and their time requirements differ. Example: the password "P4ssword" can be discovered very slowly with an 8-char brute-force search. A mixed attack (1 char 'A..Z' + 1 char '0..9' + 6 char 'a..z') is a lot faster. A dictionary attack with capitalization and the replacement option 'Aa->4' is a far faster alternative in this case.
These examples show that additional details (known or assumed) can be used to shorten search time significantly.
Basic combinatorics knowledge is handy for assessing search complexity. Password candidates are generated as a composition of parts (chars, words), and all possible combinations have to be processed. The number of combinations equals the product of the number of items in each part. Four-digit PIN complexity is equal to 10*10*10*10=10000=10^4 (10 raised to the 4th power) variants from 0000 to 9999. A five-digit PIN is 10 times more complex and requires 10 times more search time. Two dictionaries with X and Y items respectively can be combined into X*Y password candidates. There are 26*26 combinations of two lowercase Latin alphabet letters, but 52*52 (4 times more) lower/upper case variants.
Attack complexity limit:
The attack complexity limit is 2^128 or 128-bit (2 raised to the power of 128). With a digits-only charset this corresponds to a brute-force attack of around 38 chars (or 18-19 chars with all printable chars). 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 passwords to examine, and at any search speed that takes more than a lifetime. Additional details (known or assumed) can be used to create mixed attacks with reasonable complexity.
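The combinatorics above can be checked with a short calculation. The following Python sketch is an added example, not code from the tools described on this page; the function names and the rate of 1,000,000 candidates per second are assumptions chosen for illustration.

```python
import math
import string

LIMIT = 2 ** 128  # attack complexity limit stated on this page

DIGITS = string.digits            # 10 symbols
LOWER = string.ascii_lowercase    # 26 symbols
UPPER = string.ascii_uppercase    # 26 symbols
PRINTABLE = DIGITS + LOWER + UPPER + string.punctuation + " "  # 95 symbols


def keyspace(parts):
    """Candidates for an attack given as [(charset_or_wordlist, repeat), ...]:
    the product of the number of items in each part."""
    total = 1
    for items, repeat in parts:
        total *= len(set(items)) ** repeat
    return total


def max_bruteforce_length(charset, limit=LIMIT):
    """Longest fixed length whose full brute-force keyspace fits in the limit."""
    size = len(set(charset))
    if size < 2:
        raise ValueError("charset needs at least two distinct symbols")
    length = 0
    while size ** (length + 1) <= limit:
        length += 1
    return length


def years_to_exhaust(total, per_second):
    """Worst-case search time in years at an assumed constant rate."""
    return total / per_second / (365.25 * 24 * 3600)


# The "P4ssword" comparison from the text: full brute force vs. the mixed attack.
BRUTE_8 = keyspace([(PRINTABLE, 8)])
MIXED = keyspace([(UPPER, 1), (DIGITS, 1), (LOWER, 6)])

if __name__ == "__main__":
    rate = 1_000_000  # assumed candidates per second, for illustration only
    for name, total in (("8-char brute force", BRUTE_8), ("mixed attack", MIXED)):
        print(f"{name}: {total:,} candidates ({math.log2(total):.1f} bits), "
              f"{years_to_exhaust(total, rate):,.2f} years at {rate:,}/s")
    print("max digits-only length:", max_bruteforce_length(DIGITS))
    print("max printable length:", max_bruteforce_length(PRINTABLE))
```

The same arithmetic serves as a password-policy check: a password that falls inside a small mixed-attack keyspace is weak regardless of its length.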
Best way to start:
We believe that a test case (e.g. a test file) with a known password is the best way to start. In just a few minutes you can check format compatibility and see the full cycle from attack setup to the "recovered password" dialog. It is also much easier to set up initial attacks / search settings with a known target in mind.
A dozen attacks are preset in all our password search tools by default. These attacks are based on common password generation techniques and are intended to be basic examples of brute-force, dictionary and mixed attacks. You can try all or some of them, but in most cases it is faster to disable most of them and build a new attack (or modify an existing one) for the task at hand. Many search options and modifications available today were proposed by our customers over the years, so please feel free to request additional options / mods to extend search flexibility.
Password search progress:
Password search progress is saved as the position within the current attack for the current task every 5-10 minutes. This allows you to switch from file to file and from attack to attack with only the last several minutes of search discarded. Note: password recovery progress is not used in the trial version.
As soon as the correct password is found, the program stops, displays it in a special dialog and saves the current search position. There is no way for the search engine to pass over the password. The recovered password is not saved for security reasons, but it can be recovered again rapidly by restarting from the saved position if the program / computer was forced to shut down for any reason (system update, power failure, etc.). You can also set up a post-search notification.
Output attacks to a file:
This option allows you to save a list of password candidates to a file (UTF8 encoded plain text file) without any password verification calculations. This is the simplest method to verify attack settings or to generate a new wordlist based on one or several attacks. The wordlist generator is quite fast, so a big enough sample for settings verification will be ready in just a few seconds and you can stop the process to avoid extra disk load. If your goal is wordlist generation, please note that some attacks (brute-force for example) can generate multi-GB or multi-TB files.
Mixed attacks are also designed to allow multi-PC processing without network setup and maintenance headaches. Any search range can be easily split into several blocks to be processed in parallel. A simple PIN search 0000..9999 can be split into 0000..4999 + 5000..9999 with two mixed attacks: 1 char "0..4" + 3 char "0..9" on PC1 and 1 char "5..9" + 3 char "0..9" on PC2. In addition to multi-computer processing, this technique is also useful for out-of-order processing (if some blocks are more likely to contain the right password), etc.
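The range split described above can be verified before the blocks are handed to separate machines: the blocks must not overlap and must together cover the original range. This Python sketch is an added example, not part of the tools described on this page; the representation of an attack as a list of per-position charsets and all function names are assumptions.

```python
from itertools import product
from math import prod


def split_first_part(parts, blocks):
    """Split an attack (list of per-position charsets) into `blocks` attacks
    by cutting the first position's charset into contiguous slices."""
    first, rest = parts[0], list(parts[1:])
    if not 1 <= blocks <= len(first):
        raise ValueError("blocks must be between 1 and the first charset size")
    base, extra = divmod(len(first), blocks)
    out, start = [], 0
    for i in range(blocks):
        end = start + base + (1 if i < extra else 0)  # spread the remainder
        out.append([first[start:end]] + rest)
        start = end
    return out


def keyspace(parts):
    """Number of candidates: product of the charset sizes."""
    return prod(len(p) for p in parts)


def candidates(parts):
    """Enumerate candidates; only practical for small keyspaces."""
    return ("".join(c) for c in product(*parts))


def is_exact_partition(parts, sub_attacks):
    """True if the sub-attacks are disjoint and together cover `parts`."""
    seen = set()
    for sub in sub_attacks:
        for cand in candidates(sub):
            if cand in seen:
                return False  # overlap: work would be duplicated
            seen.add(cand)
    return seen == set(candidates(parts))  # no gap: nothing is skipped


PIN = ["0123456789"] * 4  # the 0000..9999 search from the text

if __name__ == "__main__":
    for n, block in enumerate(split_first_part(PIN, 2), start=1):
        print(f"PC{n}: first char {block[0]!r}, {keyspace(block)} candidates")
    print("exact partition:", is_exact_partition(PIN, split_first_part(PIN, 2)))
```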
It is worth noting that a single license key cannot be used on more than one PC.
Our tools use the OpenCL API to interact with GPU cards. Free tools like "GPU Caps Viewer" can be used to verify all OpenCL platforms / devices available on your system. The "clinfo" command line tool is also pre-installed with all modern GPUs, so you can export the current OpenCL parameters into a file with a single command: "clinfo > clexport.txt". Single-vendor implementations are usually issue-free. The OpenCL ICD extension allows multiple OpenCL platforms to co-exist on the same system (AMD + Intel, etc.), but sometimes it is necessary to disable and uninstall one of the vendors' drivers (like integrated Intel HD) to allow the main, more powerful GPU to function properly.
Processing in blocks:
Password candidates are processed in blocks. CPU blocks are equal in size and are selected to be processed within 1-2 seconds. GPU blocks are variable in size and can take up to 5 minutes to complete. The search status dialog shows sample passwords and search speed based on the current blocks sent to the CPU and GPU, so sample passwords can be out of sequence and it can take up to 5-10 minutes for all results to be summed into the full search speed.
Error in OCL / OCL Build
Please check for the latest program version and / or download and install the latest drivers for your Graphics Processing Unit (GPU). AMD and Nvidia drivers are usually up to date, but it is not uncommon to have 5-6 year old Intel HD GPU drivers installed. The "AMD Clean Uninstall Utility" can be used to reinstall drivers and fix settings errors. We also suggest uninstalling unused GPU drivers if an AMD card was replaced with an NVIDIA card or vice versa.
Error in GPU thread / nvopencl.dll...
Errors in nvopencl.dll or GPU driver failures are usually due to a power shortage, overheating or overclocking. Cooling issues are easy to test with vendor tools or a number of free tools like "GPU-Z". The default shut-off temperature of NVIDIA and AMD cards is ~80-90C. Power shortage can be a factor as well. Please check your card's recommended minimum. Password recovery is the hardest task for a GPU, so an extra 100-200W is more appropriate. The CPU/GPU page can also be used to set the CPU thread count manually to lower CPU power consumption and heat output.
Many GPUs are factory overclocked and some are simply not designed to work under constant heavy load, so it might be necessary to downclock such devices (10-20% can make a big difference) for stable, issue-free performance. Tools like "MSI Afterburner" are available to control GPU core speed as well as other settings like fan speed, power consumption, etc.
Another option is to use the CPU/GPU page to set GPU rest time (in percent of block processing time).