Thegrideon Software. One less reason to worry.
» » » » Password Search FAQ

Password Search FAQ

Strong encryption:
Algorithms (e.g. SHA256, SHA512, AES) and methods (e.g. PBKDF2) utilized in modern software are quite strong. Hashing algorithms are commonly applied multiple times making known cryptanalysis research methods inapplicable. Passwords are usually salted (random values are added) in order to block any preimage attacks or generation of rainbow tables. It is easy to see that password search is the only real option in such cases and our goal is to provide you with highly optimized tools with very flexible search patterns setup.

Search basics:
Password search is a guessing game - your password can be as simple as "1234" for example, but alphabetic-only search is not going to be successful in any timeframe when digits-based search expected to be quite fast. There are multiple ways to search for the same password, time requirements are different as well. Example: password "P4ssword" can be discovered in a very slow manner with 8 char long brute-force search. Mixed attack: 1 char 'A..Z' + 1 char '0..9' + 6 char 'a..z' is a lot faster. Dictionary attack with capitalization and replacement option 'Aa->4' is a way faster alternative in this case.
It is easy to see from examples that additional details (known or assumed) can shorten search time significantly.

Search complexity:
Basic combinatorics knowledge is handy for a search complexity assessment. Password candidates are generated as a composition of the parts (chars, words) and all possible combinations have to be processed. The number of combinations equals to the multiplication of the number of items in each part. Four-digit pin complexity is equal to 10*10*10*10=10000=10^4 (10 raised to the 4th power) variants from 0000 to 9999. Five-digit pin is 10 times more complex and requires 10 times more search time. Two dictionaries with X and Y number of items respectively, can be combined into X*Y passwords candidates. There are 26*26 combinations of a two lowercase Latin alphabet letters, but 52*52 (4 times more) lower/upper case variants.

Best way to start:
We believe that a test case with known password is the best way to start. In just few minutes you can check format compatibility, see full cycle from attack setup to "recovered password" dialog. It is also much easier to setup initial attacks / search settings with known target in mind.

Default attacks:
A dozen of attacks are preset in all our password search tools by default. These attacks are based on common password generation techniques and intended to be basic examples of brute-force, dictionary and mixed attacks. You can try all or some of them, but in most cases it is faster to disable most of them and build a new attack (or modify existing) for the task in hand. Many search options and modifications available today were proposed by our customers over the years, thus please feel free to request additional options / mods to extend search flexibility.

Password search progress:
Password search progress is saved as position within current attack for current task every 5-10 minutes. This allows you to switch from file to file and from attack to attack with just several last minutes of search discarded. Note: password recovery progress is not saved in trial version.

CPU/GPU page

Attack complexity limit:
Attack complexity limit is 2^128 (2 raised to the power of 128). With digits only charset it is around 38 chars brute-force attack (or 18-19 with all printable chars). 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 passwords to examine and with any search speed it is more than a lifetime. Additional details (known or assumed) can be used to create mixed attacks with reasonable complexity.

GPU Utilization:
Our tools use OpenCL API to interact with GPU cards. Free tools like "GPU Caps Viewer" can be used to verify all OpenCL platforms / devices available on your system. "clinfo" command line tool is also pre-installed with all modern GPUs, thus you can export current OpenCL parameters into a file with a single command: "clinfo > clexport.txt". Single-vendor implementations are usually issue-free. The OpenCL ICD extension allows multiple platforms of OpenCL to co-exist on the same system (AMD + Intel, etc.), but sometimes it is necessary to disable and uninstall one of the vendors drivers (like integrated Intel HD) to allow main powerful GPU to function properly.

Processing in blocks:
Password candidates are processed in blocks. CPU blocks are equal in size and selected to be processed within 1-2 seconds of a timeframe. GPU blocks are variable in size and can take up to 5 minutes to complete . Search status dialog shows sample passwords and search speed based on current blocks sent to CPU and GPU, thus sample passwords can be out of sequence and it can take up to 5-10 minutes for all results to be summed into full search speed.

Error in OCL / OCL Build
Please check the latest program version and / or download and install the latest drivers for your Graphics Processing Unit (GPU). AMD and Nvidia drivers are usually up to date, but it is not uncommon to have 5-6 years old Intel HD GPU drivers installed. AMD Clean Uninstall Utility can be used to reinstall drivers and fix settings errors. We suggest to uninstall unused GPU drivers as well if AMD card was replaced with NVIDIA card or vice versa.

Error in GPU thread / nvopencl.dll...
Error in nvopencl.dll is a NVIDIA driver failure due to power shortage or overheating.
Cooling issues are easy to test with NVIDIA tools or a number of free tools like "GPU-Z". NVIDIA cards default shut-off temperature is 95C.
Power shortage can be a factor as well. Please check your card recommended minimum. Password recovery is the hardest task for GPU, thus extra 100-200W is more appropriate. You can also use CPU/GPU page to set CPU threads count manually to lower CPU power consumption and heat output.

CPU/GPU page

Copyright © 2003-2018 .
Thegrideon Software and Thegrideon Service are trademarks of Thegrideon Corp. Terms of use | Privacy.
All trademarks, logos, product names & pictures mentioned or displayed herein are the property of their respective holders.