Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Attacking hashes > GPU brute-force attack
Recovering Windows hashes - GPU brute-force attack
03.10.2014
Passcape Wordlist Collection
Over 3 Gb of new dictionaries were added
29.09.2014
Wireless Password Recovery v3.4
Improved performance processing a big list of WPA hashes
11.09.2014
Windows Password Recovery v9.8.0
Speed improvement brute-forcing a big list of hashes, animated reports, etc.
14.08.2014
Reset Windows Password v4.2
with SYSKEY password lookup feature

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - GPU brute-force attack


A GPU brute force attack is fully identical to a regular brute force attack, except that passwords are searched by the graphics processing unit of your PC instead. It is no secret that the performance of modern graphics cards is an order of magnitude greater than that of CPUs; this makes them a convenient tool for heavy calculations, such as password recovery. It is important to understand that calculations using graphics cards have a number of disadvantages. For example, some algorithms with a great number of conditional jumps and other checks demonstrate extremely poor performance on GPU, and in certain cases it may be even lower than on a regular CPU.

Anyway, the software supports brute force password search using GPU. You can compare the performance indicators of GPU vs. CPU calculations through the respective menu item of the application or present it visually through the 'Reports' menu. Recovery speed using modern video cards can reach billions (!) passwords per second.

The configuration of GPU brute force attack consists of three parts:

  1. Choosing a character set for the search.
  2. Specifying password length.
  3. Configuring the graphics processing unit.


Choosing a character set for the search

When choosing a character set for a brute force attack, you are normally guided by empirical considerations. For example, if the expected password consists of lower-case Latin characters and digits, it makes sense to choose the range 'a-z, 0-9'. The smaller the character set, the sooner the attack completes.
On the other hand, there is always a chance to make a wrong choice of the expected character set. If at least one character of the password to be recovered is not included in the specified character set, the password will not be found.
At the bottom of the attack settings dialog, you can see the total number of passwords that match the specified character set and password length.
It is important to know that LM passwords in Windows are always converted to upper case; that significantly cuts the range of passwords to be searched!



Specifying password length

On the second tab of the options page, set the minimum and maximum length of searched passwords. As an alternative to minimum length, you can set the source password, which the search would begin with. The maximum length of LM in Windows operating systems is 7.



Configuring the graphics processing unit

Before you can use it in an attack, you must first select the graphics card on the respective menu item.

GPU brute-force attack

GPU configuration consists of only two parts:

  1. Setting the number of parallel graphics card’s blocks, where passwords would be searched. Each block consists of 256 threads. Thus, if you set the number of blocks to 256, the GPU will run 256*256=65536 threads. The total number of checked passwords for one call to GPU kernel will be 256*ThreadBlocks*PasswordsPerThread. In our case 256*256*1000 = 65 536 000 passwords. It is recommended to always set the ThreadBlocks parameter to a multiple of 64. Setting the value smaller than 256 on modern graphics cards, in the majority of cases, leads to poor performance.
  2. Setting the maximum number of passwords one thread can search. The greater the value, the lower the overhead associated with launching threads, and the higher the search speed. However, setting too great a value may hang the computer or cause significant fluctuations in the current search speed, displayed on the attack status tab. This is caused by the fact that task completion time on the GPU exceeds the time required for refreshing the current state of the attack. Setting too big numbers may cause even a system failure.