Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Attacking hashes > Phrase attack
Recovering Windows hashes - phrase attack
01.03.2024
New blog post
Dumping the history of users' IP addresses in Windows
20.02.2024
Reset Windows Password v14.1
IP addresses history viewer, fast disk search, local security editor and some more
02.01.2024
Wireless Password Recovery v6.9.0
A revision of the GPU health monitor along with some minor updates
23.12.2023
HAPPY NEW YEAR!
Happy New Year greetings and holidays discount

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - phrase attack


More and more users choose to make up their pass phrases of entire phrases, passages from poems, movie aphorisms, Latin aphorisms, etc. Attempting to recover such passwords using the traditional techniques is unthinkable, even with the reference to the advancement of the computing power of modern computers. Therefore, the recovery help comes with the predefined and known phrase attack.

Pass-phrase attack is by much similar to the simple dictionary attack, except that here the password search goes phrase by phrase instead of going word by word. The main idea of the attack is to guess the right password by searching through predefined frequently used expressions, phrases and word combinations.

For example, if the sought password is made of the widespread phrase 'To be or not to be', it is obvious that this is the only attack that has the virtue to cope with such a password. In order to do that, you are to specify a special pass-phrase dictionary. A simple phrase dictionary comes with the software, but you can also download the online dictionaries that were compiled specifically for this attack.

It wouldn't be an overestimation to say that 99 percent of the success in the recovery of a password with a dictionary attack depends on the quality of the dictionaries. Most likely, that is the reason why this type of attacks doesn't appear in just about any password cracker. Passcape Software allows utilizing a whole set of online and offline dictionaries (totally over 1.5 GB) compiled specially for this type of attack.

For example, many users make their passwords of excerpts from their favorite songs or music bands. That's why we have created special, unique (you won't find anything like that anywhere on the Net!) music-oriented keyphrase sets. There's also a biblical set, movie phrases, proverbs, etc.

Windows Password Recovery comes with a short dictionary of phrases and aphorisms.
 

Phrase dictionaries

Phrase wordlists

The password-phrase attack options almost completely repeat the simple dictionary attack options: here, you also are to select one or several dictionaries for the phrase source, it also allows loading additional dictionaries from the Passcape website, and it has the same way for setting phrase mutation rules (creating alternative options).

 

Phrase mutation

Pass-phrase generation rules

As you might have known, strong mutation significantly raises chances for the successful recovery. Weak mutation is normally justified in only one case: for increasing the attack speed or when using dictionaries of large sizes. Medium mutation is a normal balance between the operating speed and the number of generated password phrases. Strong mutation allows finding more difficult passwords by generating the widest range of all possible combinations, to the prejudice of the search speed. The greater is the mutation level, the more passwords the attack will cover. For instance, English phrases typed using the national keyboard layout, abbreviations, etc.

The major difference in mutation levels:

  • Weak - simplest thus fastest mutations.
  • Normal - the same as Weak, but generates several additional mutations and case combinations.
  • Strong - the same as normal plus more mutations and national passwords (according to the installed keyboard layouts, if any).
  • Ultra light - this is a 2-step mutation because every generated in Weak mode password goes through the second mutation round (one used in the Weak mode of the simple dictionary attack).
  • Ultra normal - 2-step mutation. Every password generated in Normal mode is used as a source to generate additional combinations by implementing additional Normal mutation level.
  • Ultra hard - every password generated in Strong mode is used as a source to generate additional combinations by using additional Strong mutation level.
Be careful! Ultra modes generate a great number of passwords, thus the attack may be running extremely slow. To speed up the attack, consider setting up input phrase limits. For example, you can limit input phrases to 10 words and 100 characters.
 

Dictionary generator

Phrase dictionary generator

The third tab uses for creating pass-phrase dictionaries.