Thegrideon Software. One less reason to worry.

Password Search FAQ

Strong encryption:
Algorithms (e.g. SHA256, SHA512, AES) and methods (e.g. PBKDF2) utilized in modern software are quite strong. Hashing algorithms are commonly applied multiple times, making known cryptanalysis research methods inapplicable. Passwords are usually salted (random values are added) in order to block any preimage attacks or generation of rainbow tables. It is easy to see that password search is the only real option in such cases, and our goal is to provide you with highly optimized tools with very flexible search pattern setup.

Search basics:
Password search is a guessing game. Your password can be as simple as "1234", for example, but an alphabetic-only search is not going to be successful in any timeframe, while a digits-based search is expected to be quite fast. There are multiple ways to search for the same password, and their time requirements differ as well. Example: the password "P4ssword" can be discovered in a very slow manner with an 8-char brute-force search. A mixed attack, 1 char 'A..Z' + 1 char '0..9' + 6 chars 'a..z', is a lot faster. A dictionary attack with capitalization and the replacement option 'Aa->4' is a far faster alternative in this case.
It is easy to see from these examples that additional details (known or assumed) can shorten search time significantly.

Search complexity:
Basic combinatorics knowledge is handy for a search complexity assessment. Password candidates are generated as a composition of parts (chars, words), and all possible combinations have to be processed. The number of combinations equals the product of the number of items in each part. Four-digit PIN complexity is equal to 10*10*10*10=10000=10^4 (10 raised to the 4th power) variants, from 0000 to 9999. A five-digit PIN is 10 times more complex and requires 10 times more search time. Two dictionaries with X and Y items respectively can be combined into X*Y password candidates. There are 26*26 combinations of two lowercase Latin alphabet letters, but 52*52 (4 times more) lower/upper case variants.

Best way to start:
We believe that a test case with a known password is the best way to start. In just a few minutes you can check format compatibility and see the full cycle from attack setup to the "recovered password" dialog. It is also much easier to set up initial attacks / search settings with a known target in mind.

Default attacks:
A dozen attacks are preset in all our password search tools by default. These attacks are based on common password generation techniques and are intended to be basic examples of brute-force, dictionary and mixed attacks. You can try all or some of them, but in most cases it is faster to disable most of them and build a new attack (or modify an existing one) for the task at hand. Many search options and modifications available today were proposed by our customers over the years, so please feel free to request additional options / mods to extend search flexibility.

Password search progress:
Password search progress is saved as the position within the current attack for the current task every 5-10 minutes. This allows you to switch from file to file and from attack to attack with only the last several minutes of search discarded. Note: password recovery progress is not used in the trial version.

CPU/GPU page

Attack complexity limit:
Attack complexity limit is 2^128 (2 raised to the power of 128). With a digits-only charset this is around a 38-char brute-force attack (or 18-19 chars with all printable chars). 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 passwords to examine, and at any search speed that is more than a lifetime. Additional details (known or assumed) can be used to create mixed attacks with reasonable complexity.
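The arithmetic from "Search basics", "Search complexity" and the 2^128 limit above, as an added example that is not part of the vendor's tools. The 62-character alphanumeric charset for the brute-force case, the 1,000,000-word dictionary and the cap of four replaceable letters per word are assumptions chosen for illustration.

```python
import math

LIMIT = 2 ** 128  # attack complexity limit quoted in this FAQ

def keyspace(part_sizes):
    """Number of candidates: product of the item count of each part."""
    return math.prod(part_sizes)

def max_bruteforce_length(charset_size, limit=LIMIT):
    """Longest brute-force length whose keyspace still fits under the limit."""
    length = 0
    while charset_size ** (length + 1) <= limit:
        length += 1
    return length

def dictionary_keyspace(words, replaceable="aA"):
    """Upper bound on candidates for a dictionary attack where each word is
    tried with and without a capitalized first letter, and every letter in
    `replaceable` is independently kept or substituted (the 'Aa->4' option)."""
    total = 0
    for word in words:
        caps = 2 if word[:1].isalpha() else 1
        swaps = 2 ** sum(ch in replaceable for ch in word)
        total += caps * swaps
    return total

def p4ssword_strategies(dict_words=1_000_000, max_swaps=4, alnum=62):
    """Candidate counts for the three ways of reaching "P4ssword".
    dict_words, max_swaps and alnum are assumed values, not from the page."""
    return {
        "brute_force_8": keyspace([alnum] * 8),
        "mixed_A_0_a6": keyspace([26, 10] + [26] * 6),
        "dictionary": dict_words * 2 * 2 ** max_swaps,  # upper bound
    }

if __name__ == "__main__":
    for name, count in p4ssword_strategies().items():
        print(f"{name:14} {count:>22,} candidates ({math.log2(count):.1f} bits)")
    print("digits-only length under 2^128:", max_bruteforce_length(10))
    print("95 printable chars under 2^128:", max_bruteforce_length(95))
    # Constructed sample wordlist, for the per-word count only.
    print("sample list:", dictionary_keyspace(["password", "admin", "banana", "1234"]))
```

The same numbers read the other way give a rough measure of password strength: a password that falls inside a small structured keyspace is far weaker than its length suggests.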

Multi-PC processing:
Mixed attacks are also designed to allow multi-PC processing without network setup and maintenance headaches. Any search range can be easily split into several blocks to be processed in parallel. A simple PIN search 0000..9999 can be split into 0000..4999 + 5000..9999 with two mixed attacks: 1 char "0..4" + 3 chars "0..9" on PC1 and 1 char "5..9" + 3 chars "0..9" on PC2. In addition to multi-computer processing, this technique is also useful for out-of-order processing (if some blocks are more likely to contain the right password), etc.
It is worth noting that a single license cannot be used on multiple computers.
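The range split described above, as an added example that is not the vendor's code: it divides the first part of a mixed attack into contiguous blocks and checks that the blocks cover the original range exactly once. The function names and the list-of-charsets representation of an attack are assumptions made for this sketch.

```python
from itertools import product
from math import prod

def split_attack(parts, n_blocks):
    """Split a mixed attack (list of per-position charsets) into n_blocks
    independent attacks by cutting the first charset into contiguous chunks."""
    first, rest = parts[0], list(parts[1:])
    if not 1 <= n_blocks <= len(first):
        raise ValueError("n_blocks must be between 1 and len(first charset)")
    size, extra = divmod(len(first), n_blocks)
    blocks, start = [], 0
    for i in range(n_blocks):
        end = start + size + (1 if i < extra else 0)  # spread the remainder
        blocks.append([first[start:end]] + rest)
        start = end
    return blocks

def keyspace(parts):
    """Candidates in one attack: product of the charset sizes."""
    return prod(len(p) for p in parts)

def candidates(parts):
    """Enumerate every candidate; only sensible for small ranges like a PIN."""
    return {"".join(c) for c in product(*parts)}

def verify_partition(parts, blocks):
    """True if the blocks are disjoint and together equal the full range."""
    if sum(keyspace(b) for b in blocks) != keyspace(parts):
        return False
    seen = set()
    for block in blocks:
        cand = candidates(block)
        if seen & cand:          # overlap: work would be duplicated
            return False
        seen |= cand
    return seen == candidates(parts)

DIGITS = "0123456789"
PIN = [DIGITS] * 4               # the 0000..9999 search from the text

if __name__ == "__main__":
    for n in (2, 3):
        blocks = split_attack(PIN, n)
        print(n, [(b[0], keyspace(b)) for b in blocks],
              "ok" if verify_partition(PIN, blocks) else "BROKEN")
```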

GPU Utilization:
Our tools use the OpenCL API to interact with GPU cards. Free tools like "GPU Caps Viewer" can be used to verify all OpenCL platforms / devices available on your system. The "clinfo" command line tool is also pre-installed with all modern GPUs, so you can export current OpenCL parameters into a file with a single command: "clinfo > clexport.txt". Single-vendor implementations are usually issue-free. The OpenCL ICD extension allows multiple OpenCL platforms to co-exist on the same system (AMD + Intel, etc.), but sometimes it is necessary to disable and uninstall one vendor's drivers (like integrated Intel HD) to allow the main, more powerful GPU to function properly.

Processing in blocks:
Password candidates are processed in blocks. CPU blocks are equal in size and selected to be processed within a 1-2 second timeframe. GPU blocks are variable in size and can take up to 5 minutes to complete. The search status dialog shows sample passwords and search speed based on the current blocks sent to CPU and GPU, so sample passwords can be out of sequence and it can take up to 5-10 minutes for all results to be summed into the full search speed.

Error in OCL / OCL Build:
Please check for the latest program version and / or download and install the latest drivers for your Graphics Processing Unit (GPU). AMD and Nvidia drivers are usually up to date, but it is not uncommon to have 5-6 year old Intel HD GPU drivers installed. AMD Clean Uninstall Utility can be used to reinstall drivers and fix settings errors. We also suggest uninstalling unused GPU drivers if an AMD card was replaced with an NVIDIA card or vice versa.

Error in GPU thread / nvopencl.dll...
Errors in nvopencl.dll or NVIDIA driver failures are usually due to a power shortage, overheating or overclocking. Cooling issues are easy to test with NVIDIA tools or a number of free tools like "GPU-Z". The default shut-off temperature of NVIDIA cards is 85-95C. Power shortage can be a factor as well. Please check your card's recommended minimum. Password recovery is the hardest task for a GPU, so an extra 100-200W is more appropriate. The CPU/GPU page can also be used to set the CPU thread count manually to lower CPU power consumption and heat output.


Copyright © 2003-2019 .
Thegrideon Software and Thegrideon Service are trademarks of Thegrideon Corp. Terms of use | Privacy.
All trademarks, logos, product names & pictures mentioned or displayed herein are the property of their respective holders.