There is no magic wand software to uncover encrypted data. Most people don’t expect recovering the password to encrypted documents to be a very slow and resource-intensive process. Below we explain in simple words what the password recovery procedure is and how it works on our cloud service.

How to recover a lost password

Imagine that you have a protected file and accidentally lost the password to it, and you want to restore the password.

First, don’t waste your time trying to find a program for hacking protected files easily, they simply don’t exist. All modern programs like MS Office use cryptographic algorithms to encrypt data; the stability of these algorithms is proved mathematically.

So, the password recovery procedure is a search through a huge number of variants for a suitable password. Just for you to imagine the scale of the work: there are more than 67 quintillion (67 * 1018) variants of 10-character passwords. That number reflects only passwords that were made up of English alphabet letters, numbers and special signs. If there is the Latin alphabet and other symbols to choose from, the number of possible variants will increase even more, so, that even a supercomputer couldn’t handle a direct search (the so-called brute force method) through such a large number of possible passwords within a reasonable period of time, as a testing procedure for each possible password needs complex mathematical calculations that require significant processor time and power. The more complex the encryption algorithm is, the slower the password search process.

Recover passwords by dictionary

But things are not as bad as they seem to be. People usually choose an “easy to remember” password, which makes it easier to recover. A great number of commonly used passwords have a simple, readable form or are compiled according to certain rules. These are common words like “shadow,” pet nicknames, word combinations like “letmein,” words plus numbers like “John1234,” dates of birth, easy combinations of digits like “654321,” letter neighbors on the keyboard like “asdcxz,” and other types of passwords that are easy remember for almost anyone.

There are not many of these types of combinations compared to the 67 quintillion total possibilities, which greatly simplifies our task. At the moment, we have collected a database of more than 20 billion commonly used passwords for brute force cracking. This passwords database gives us a good chance, but it still does not guarantee 100% success. Nevertheless, we successfully find the password in more than half of the cases, which is a good result.

As a bonus for our visitors, we try to recover your password for free with our dictionary of the 3 million most popular passwords. The probability of a successful password recovery is lower than using our large database, but this attempt is carried out almost instantaneously and has a good chance for success.

If a quick search through the most popular passwords is not successful, we use the whole database, which can take up to 24 hours.

Brute force passwords with the mask

If you know the structure of the lost password, you can search through all the passwords using a mask. For example, if you know that the password consists of 8 or 9 characters, starts with “999,” and the remaining characters are letters of the English alphabet in lowercase, that makes the search process much easier. In this case, the total number of all possible variants is 333,629,036. Our computing cluster will brute force such a password in just a few minutes.

Brute-forcing a password with a dictionary is fixed-cost work, but brute-forcing with a mask is a custom task. Please use the custom request page to describe everything you know about the lost password: the expected length and character set, etc. Perhaps you know characters the password begins or ends with. We can create masks with these criteria, calculate the total number of password variants and let you know about the work cost.

Note that it would be pre-paid work and success is guaranteed only if the specified mask parameters were correct. If you make a mistake in the password structure (for example, the password was actually longer and/or contained characters outside the specified set), then the composed mask won’t help to find it. However, the work was done and the payment is not refundable. Use the brute-forcing by mask only when you are sure about the exact password structure!

Can I recover the lost password with my home computer?

Actually, no. Surely, you can try some password recovering programs on your computer, but mind some important facts:

  1. Most of these programs are shareware. In a free mode, they will allow you to search for a password of a very limited length (usually no more than 4 characters). A sophisticated user would successfully try the program and purchase it hoping to crack much longer passwords. But the number of possible variants with longer passwords grows not linearly, but exponentially. For example, cracking a 4-character password searches through only 15 million alphanumeric variants. A 5-character password has 931 million variants (62 times more), and a 6-symbol one has about 58 billion. This is a hard task even for a very powerful computer, so don’t try to crack a 7-character password.
  2. The power of a cracking program is limited by your computer’s resources. In our cloud system, we have a powerful cluster of high-performance GPU-servers. This is a distributed computing system. In other words, passwords are recovered by several powerful servers at the same time, and we can perform work in a few hours that would take months or even years on a modern home computer. For more information, visit the “Our infrastructure” page.
  3. A shareware program doesn’t contain a good password dictionary. All it can do is to produce a combined attack: combining words and numbers from a small dictionary and changing the case of letters. It takes a long time, and it only helps to crack some easy passwords.
  4. Last, but not least, when buying a cracking program, you have to pay in any case, even if the password is not found. We only charge for a successfully found password. Fast, guaranteed and convenient.


That was the basic information about how password recovery works. If you have any questions, visit the FAQ section or contact us. We will be happy to help you!

See also

Copyright © 2017-2018