Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Attack comparison table
Attack comparison table (Windows hashes)
27.01.2017
Wireless Password Recovery v4.0
This version can recover multiple handshakes simultaneously almost without speed loss
24.01.2017
Reset Windows Password v7.0.5
New features to recovery Internet and network passwords
27.12.2016
Happy New Year!
New Year greetings and holidays discount
27.12.2016
Windows Password Recovery v11.1
Some minor improvements, changes in DPAPI engine

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - attack comparison table

Which attack is the best? How do you choose the attack? The answers to these questions should be found in the attack comparison table.

Attack/description Time required Pros Contras Limitations
Preliminary. A set of light and speedy mini-attacks for finding simple, short or common combinations A couple of minutes Great quick-find tool for quick recovery of common, simple, short passwords, keyboard combinations, repetitive sequences, etc. Good for finding weak passwords quickly; doesn't require additional settings Practically useless for serious analysis, when recovering the majority of complex passwords Finds mainly simple passwords
Artificial Intelligence. The most advanced way of recovering passwords, based on the methods of social engineering Min: 2-3 minutes Max: over an hour The best tool for finding complex passwords, which other methods cannot cope with. Works great for passwords, words and combinations that the user stored in the system any time in the past. During the most efficient analysis, when all the options are set to the maximum performance, the attack takes considerable time. Finds not all passwords. Efficient only when run on the original system (where the passwords were taken)
Brute-force. Searches all possible combinations within a specified character set Depends on options The only attack (along with the mask attack) that is guaranteed to recover a completely unknown password. Good for any short and medium passwords Searching long passwords takes considerable time. Hard to guess the right range of characters to be searched. May take centuries to search long passwords. Does not find passwords when uses wrong character set or password length exceeds the one specified
Dictionary. Finds password by searching words from predefined dictionaries (word-lists) Almost instantly Good and speedy tool for recovering common passwords Requires having good dictionaries, does not take into account peculiarities of the language and letter case Finds only common passwords
Dictionary with smart mutation. Same as dictionary attack, except here each word from the dictionary undergoes all kinds of mutations. For instance, appending numbers, changing letter case, deforming (displacing) letters, etc. Up to 1000000 times slower than a simple dictionary attack Good for all sorts of variations of common passwords The maximum (most effective) mutation takes considerable time Fails to find strong (non-dictionary) passwords, mutation takes considerable time
Mask. Finds passwords by specified mask (password generation rule) Depends on options Guaranteed to recover the remaining portion of a password. Good option when some portion of the original password is known. Requires having the exact known portion of the password and its length and specifying the right character set to be searched Password will not be found if a wrong character set, incorrect password length or incorrect known portion of the source password is specified
Combined dictionary. Checks complex passwords (composed of two or more words) by gluing words from several dictionaries Depends on options The only attack that finds long and complex passwords Limited set of field-specific dictionaries, does not take into account peculiarities of non-English passwords (endings, suffixes, etc.) With a large source dictionary, the attack may take considerable time Requires to know in advance that the password being searched for consists of two or more words; relatively slow
Combined dictionary with smart mutation. Same as combined attack, plus mutations Depends on options Same as the previous attack Same as the previous attack. Requires setting additional mutation rules for the passwords to be generated Same as the previous attack; mutations require considerable time
Base-word. Takes advantage of a known base word used for making up the password A couple of seconds if the base-word length is not exceeds 16 characters Good for the cases when you had known the original password but have forgotten its variations, e.g., letter case or trailing numbers Mutation for long passwords (over 16 characters) may take some time Does not always work
Phrase. Same as dictionary attack, except that instead of a word this one checks a phrase, popular expression, excerpts from songs, books, etc. From several minutes up to several hours The only attack against password phrases. Only a small percentage of users use pass-phrases as passwords. Phrase mutation is imperfect; the mutation and analysis take considerable time. Insufficient number of relevant dictionaries; in particular, with non-English phrases and expressions. Does not take into account peculiarities of the language; limited choice of mutations. Difficulty in the creation of specialized dictionaries.
Rainbow tables. Uses precalculated tables Usually several minutes for each password Currently one of the best attacks for recovering the majority of passwords by the time/efficiency ratio Requires tables. Precalculation tables may take much room on a hard drive. It is impossible to recover long passwords using this attack. Cannot recover all passwords simultaneously; generating a new table takes longer than running a brute-force attack. Limited recovery capabilities for long and non-English passwords
Fingerprint. Based on fingerprints that were generated out of the given wordlist. Usually from several hours up to several days Finds complex passwords that were impossible to recover in other attacks Big input wordlist may generate too much fingerprints. The success depends on the input wordlist. The attack may take too much time to complete when setting a big input wordlist.
Hybrid dictionary. It is much similar to simple dictionary attack, except that the password mutation rules are fully customizable and should be set by user. Depend on the source wordlist and rules counter. Usually up to several minutes for a small wordlist. Good for all sorts of variations of common passwords. Cannot recover complex passwords. Fails to find strong (non-dictionary) passwords.
Online recovery searches passwords in Internet. Depends on options set and internet connection speed. Usually less than a minute for a single hash. It is a pretty good alternative tool for finding out simple and frequently-used passwords. Very slow, processes hashes subsequently, feeds a lot of Internet traffic. Fails to find most strong passwords. Does not work when there's no internet connection.
Passcape rainbow tables. Uses specially formed precalculated tables to guess strong and complicated passwords. Several minutes (or even seconds) for each password, depending on table parameters. Actually it is very good and advanced attack for recovering strong and complicated passwords which cannot be cracked in other attacks. A good table precalculation may take much disk space and time. Password recovery success rate greatly depends on input wordlist. Cannot recover all passwords simultaneously; generating a new table takes longer than running a brute-force attack; not all initial wordlists suit well for creating the tables.