[ LastBit Software Home Page ]   [ Help Index ]

Recover Passwords Using Universal Recovery Methods

It may not be always possible to quickly recover a forgotten password. If the password protection is done the right way, you will have to go with one of the methods described below. These methods are applicable for the recovery of passwords of any types (click to learn more about each method).

Brute Force Attack - complete one-by-one search among all possible passwords.

Dictionary Search - search for password with dictionary.

Smart Force Attack (TM) - our improved version of the Brute Force Attack.

Password Variation - applicable when the user remembers the password approximately.

Automatic Mode - a combination of all of these methods; not the most efficient but yet the simplest method to use.

Out of all of these methods, only the Brute Force Attack guarantees the recovery of the password. However, that may take very, very much of time. The time required may appear to be absolutely unacceptable, and that will mean that the chances to recover a long password are very light. Besides that, besides the length and the complexity of the password, the result depends on your patience, available computing power, and luck. Use our Password Calculator to estimate the recovery time.

There is no such thing as the best password recovery method. For example, you have spent 4 hours on recovering a 7-character lowercase password, but the password has not  been recovered. What options do you have? Continue with searching for an 8-character lowercase password - that will take 4 days -or refine the search for a 7-character but not an alphanumerical password - that will take 43 hours? There is no right answer on the both questions. Nevertheless, some recommendations can be helpful.

  1. If you know the password phrase approximately or partially, try the password variation mode. The program will automatically iterate the various combinations for each of the given phrase.

  2. Then try the automatic mode for 2-4 hours. If the password is short or simple, it will be recovered.

  3. Then try the Dictionary Search (hybrid mode); make sure you are using the greatest dictionary size available (to keep the setup file rather small, it only includes the small dictionary; you can download the larger dictionaries from here). Depending on the size of the dictionary, that will take from a few minutes to a few hours.

  4. If nothing has helped - either use the automatic mode again and leave the program running for good (several days or more), or set the Brute Force Attack options manually.

IMPORTANT! If you know the password's beginning or end - please enter that. That will reduce the search time dramatically! Also, if you know any information about the password - use it. For instance, if you know the password consists of just numbers - use that information when setting up the Brute Force Attack parameters. There is no sense on using the automatic mode in such case.

The recovery speed directly depends on the computer's performance features. The most important factors are the CPU clock and architecture. Other features, like the amount of RAM or free hard disk space literally do not affect the speed. You can use several computers to speed up the recovery process as described below.

Starting Recovery

In the beginning, you will be asked to choose the operating mode: Automatic, User-Defined. Besides, when such opportunity is available, you can be also suggested an alternative recovery method (e.g., Guaranteed Recovery). If you select the automatic mode, you will not have to deal with the program's settings; however, the search may follow a not the best route in your particular case.

If you select the User-Defined mode, the program will first create a "task file" (.pwc file type). The recovery options and the current state are stored in the .pwc file. Password recovery may take a lot of time and can be interrupted. Use the "Resume Password Search" menu command and select the .pwc file to resume an interrupted search. 

On this step, you can load the configuration you saved previously.

Next, select a recovery method recovery method: brute-force, dictionary search or smart-force. Depending on the selected method, you will need to specify various additional options.

Password length (Brute Force Attack, Smart Force Attack) - passwords of which length are to be searched for.

Prefix and/or postfix. You can specify the password prefix and/or suffix. For example, if you know the first character of the password, you can enter it and improve the search speed substantially.

Case mode. Specify the capitalization rule (whether passwords are case-sensitive). Possible options are: lower case, UPPER CASE, Proper Case (word, Word, WORD) and both (all possible combinations).

Character set (Brute Force Attack only) - the set of characters available in the password. For example: letters only, numbers only, letters and numbers. The greater character set is selected, the more time will the program need to recover your password. On the other hand, by cutting the character set you are raising the risk of failure finding the password, for it may contain a character that you have crossed out of the list.

Hybrid Мode (Dictionary Attack only) - the password search will be based on a dictionary; however, each word will be also checked with the additional numbers at the end.

Password Variations (Dictionary Attack only) - allows to use the "Password Variation" recovery method. Use this when you know what the password looks like. The program will build a "dictionary" containing all possible combinations of the password fragments you have entered, so you can use that dictionary to continue searching for your password.

Distributed Attack (Brute Force Attack only) - You can use several computers (up to 16) to speed up your Brute Force Attack. Use the 'Brute Force Attack' wizard to prepare for the Distributed Brute Force Attack. This wizard will generate a couple of the .pwc files (one per computer). Run the program on each of the computer and then select the .pwc file to be used (each computer has its own file). You can use this method to speed up the search on a single computer also if it has multiple CPUs or it is multicore.

Note on Smart Force Attack

Both brute-force attack and dictionary search methods are well known. Our software provides a new recovery method called "Smart-force attack". The brute-force attack is so slow because it has to check for every possible password. For the most part, there are combinations like jkqmzwd which are totally senseless among billions and trillions of passwords being searched. The Smart Force Attack is an optimized search algorithm which only tries "reasonable" passwords. But it also has some disadvantages:

  1. Current version is adapted for the English language only. Smart Force does not recover passwords that contain digits or other characters. For example, a password like 'soft4you' is not recoverable with the Smart Force Attack.

  2. Some words are considered to be difficult for 'Smart Force'. For instance, the word 'runway' is very hard for Smart Force to crack, because the 'nw' sequence in the middle of the word is considered by 'Smart Force' as impossible.

  3. The Smart Force engine supports passwords of 5 characters and longer. For shorter passwords, Brute-Force Attack is automatically invoked.

  4. Smart Search is not available in the DEMO version (because the DEMO version recovers short passwords only).

You should specify the Smart Force level as an integer in the range of 1...26. The lower Smart Force level is, the faster it will work. But it's also true that the lower this level is, the greater is the chance to miss the right password. If the level is 26 (maximum value), the Smart Force method will perform as the Brute Force method without acceleration. So, the reasonable values for the Smart Force level are 9..16 (default is 13). The smart force engine supports passwords of 5 to 12 characters in length. For more information, please visit: www.lastbit.com/psw2.asp and learn more about the Smart Force method. Note that the Smart Force attack does NOT guarantee a success. 

International Issues

You may skip this section if your passwords are made up of English characters only. This program can recover passwords in all languages. However, please note the following:

- The Smart-Force recovery method cannot be used for the non-English password recovery.

- The Dictionary Search will work fine, but the dictionary itself must contain words in the target language. You should download and use a dictionary in the target language.

- You have to use a custom charset to use the Brute-Force attack.

- Do not use the Automatic mode if your lost password may contain non-English characters.

 

[ LastBit Software Home Page ]   [ Help Index ]