Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Attacking hashes > Phrase attack
Recovering Windows hashes - phrase attack
19.10.2017
New blog post
Farewell to Syskey!
11.10.2017
Wireless Password Recovery 4.2.5
Support for NVidia Volta
04.10.2017
Office password recovery tools
Support for new GPU devices, some improvements
22.09.2017
Reset Windows Password v8.0
Support for domain cached credentials, new bootable environment

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - phrase attack


More and more users choose to make up their pass phrases of entire phrases, passages from poems, movie aphorisms, Latin aphorisms, etc. Attempting to recover such passwords using the traditional techniques is unthinkable, even with the reference to the advancement of the computing power of modern computers. Therefore, the recovery help comes with the predefined and known phrase attack.

Pass-phrase attack is by much similar to the simple dictionary attack, except that here the password search goes phrase by phrase instead of going word by word. The main idea of the attack is to guess the right password by searching through predefined frequently used expressions, phrases and word combinations.

For example, if the sought password is made of the widespread phrase 'To be or not to be', it is obvious that this is the only attack that has the virtue to cope with such a password. In order to do that, you are to specify a special pass-phrase dictionary. A simple phrase dictionary comes with the software, but you can also download the online dictionaries that were compiled specifically for this attack.

It wouldn't be an overestimation to say that 99 percent of the success in the recovery of a password with a dictionary attack depends on the quality of the dictionaries. Most likely, that is the reason why this type of attacks doesn't appear in just about any password cracker. Passcape Software allows utilizing a whole set of online and offline dictionaries (totally over 1.5 GB) compiled specially for this type of attack.

For example, many users make their passwords of excerpts from their favorite songs or music bands. That's why we have created special, unique (you won't find anything like that anywhere on the Net!) music-oriented key phrase sets. There's also a biblical set, movie phrases, proverbs, etc.

Windows Password Recovery comes with a short dictionary of phrases and aphorisms.


Phrase dictionaries

Phrase wordlists

The password-phrase attack options almost completely repeat the simple dictionary attack options: here, you also are to select one or several dictionaries for the phrase source, it also allows loading additional dictionaries from the Passcape website, and it has the same way for setting phrase mutation rules (creating alternative options).



Phrase mutation

Pass-phrase generation rules

Mutation is worth saying more, since as you should have known strong mutation significantly raises chances for the successful recovery. Weak mutation is normally justified in only one case: for increasing the attack speed or when using dictionaries of large sizes. Medium mutation is a normal balance between the operating speed and the number of generated password phrases. Strong mutation allows finding more difficult passwords by generating the widest range of all possible combinations, to the prejudice of the search speed. The greater is the mutation level, the more passwords the attack will cover. For instance, English phrases typed using the national keyboard layout, abbreviations, etc.

Major difference in mutation levels:

  • Weak - simplest thus fastest mutations.
  • Normal - the same as Weak, but generates several additional mutations and case combinations.
  • Strong - the same as normal plus more mutations and national passwords (according to the installed keyboard layouts, if any).
  • Ultra light - this is a 2-step mutation because every generated in Weak mode password goes through the second mutation round (one used in Weak mode of the simple dictionary attack).
  • Ultra normal - 2-step mutation. Every password generated in Normal mode is used as a source to generate additional combinations by implementing additional Normal mutation level.
  • Ultra hard - every password generated in Strong mode is used as a source to generate additional combinations by using additional Strong mutation level.
Be careful! Ultra modes generate a great number of passwords, thus the attack may be ran extremely slow. To speed up the attack, consider setting up input phrase limits. For example, you can limit input phrases to 10 words and 100 characters.


Dictionary generator

Phrase dictionary generator

The third tab uses for creating pass-phrase dictionaries.