We have to inform that there is no magic wand software to uncover encrypted data. Most people don’t expect recovering the password to encrypted documents to be a very slow and resource-intensive process but it is. Below, we explain in simple words what the password recovery procedure is and how it works on our cloud service.

How to recover a lost password

Let us assume that you accidentally lost the password to a protected file of yours and you want to restore the password.

First, you shouldn’t waste your time trying to find a program for hacking protected files easily because such programs don’t exist. All modern software like MS Office use cryptographic algorithms to encrypt data; the stability of these algorithms is proved mathematically.

So, the password recovery procedure is a long search through a huge number of variants for a proper password. Just for you to imagine the scale of the work: there are more than 60 quintillion (60 * 1018) variants of 10-character passwords. That number reflects only passwords that were made up of English alphabet letters, numbers and special signs. If there is the Greek alphabet and other symbols to choose from, the number of possible variants will increase even more, so, that even a supercomputer couldn’t handle a direct search (the so-called brute force method) through such a large number of possible passwords within a reasonable period of time because a testing procedure for each possible password needs complex mathematical calculations that require significant processor time and power. The more complex the encryption algorithm is, the slower the password search process.

Recover passwords by a dictionary

But things are not as bad as they seem to be. People usually choose an “easy to remember” password, which makes it easier to recover. A great number of commonly used passwords have a simple, readable form or are compiled according to certain rules. These are common words like “shadow,” pet nicknames, word combinations like “letmein,” words plus numbers like “John1234,” dates of birth, easy combinations of digits like “654321,” letter neighbors on the keyboard like “asdcxz,” and other types of passwords that are easy to remember for almost anyone.

There are not many of these types of combinations compared to the 60 quintillion total possibilities, which greatly simplifies our task. At the moment, we have collected a database of more than 20 billion commonly used passwords for brute force cracking. This passwords database gives us a good chance, but it still does not guarantee 100% success. Nevertheless, we successfully find the password in more than half of the cases, which is a good result.

As a bonus for our visitors, we try to recover your password for free with our dictionary of the 3 million most popular passwords. The probability of a successful password recovery is lower than using our large database, but this attempt is carried out almost instantaneously and still has a good chance for success.

If a quick search through the most popular passwords is not a success, then we use the whole database for the search and it can take up to 24 hours.

Brute force passwords with a mask

If you know the structure of the lost password, you can search through all the possible passwords using a mask. For example, if you know that the password consists of 8 or 9 characters, starts with “999,” and the remaining characters are letters of the English alphabet in lowercase, then that makes the search process much easier. In this case, the total number of all possible variants is 333,629,036. Our computing cluster will brute force such a protected file in just a few minutes.

Brute-forcing a password with a dictionary is a fixed-cost work, but brute-forcing with a mask is a custom task. You may use the custom request page to describe everything you know about the lost password: the expected length and character set, etc. Perhaps, you know characters that your password begins or ends with. We can create masks with these criteria, calculate the total number of possible password variants and let you know about the work cost.

Note that it would be a pre-paid work and the success is guaranteed only if the specified mask parameters were correct. If you make a mistake describing the password structure (for example, the password was actually longer and/or contained characters outside the specified set), then the composed mask won’t help to find it. However, the work was done and the payment is not refundable. Use the brute-forcing by mask only when you are sure about the exact password structure!

Can I recover the lost password with my home computer?

Actually, no. Surely, you can try some password recovering programs on your computer, but mind some important facts:

  1. Most of these programs are shareware. In a free mode, they will allow you to search for a password of a very limited length (usually no more than 4 characters). A sophisticated user would successfully try such a program and purchase it hoping to crack much longer passwords. But the number of possible variants with longer passwords grows not linearly, but exponentially. For example, cracking a 4-character password process is a search through only 15 million alphanumeric variants. A 5-character password has 931 million possible variants (62 times more), and a 6-symbol one has about 58 billion. This is a hard task even for a very powerful computer, so don’t even try to crack a 7-character password.
  2. The power of a cracking program is limited by your computer’s resources. In our cloud system, we have a powerful cluster of high-performance GPU-servers. This is a distributed computing system. In other words, passwords are recovered by several powerful servers at the same time, and we can perform in a few hours the work that would take months or even years for a modern home computer to do it. For more information, visit the “Our infrastructure” page.
  3. A shareware program doesn’t contain a good password dictionary. All it can do is to produce a combined attack: combining words and numbers from a small dictionary and changing the case of letters. It takes a long time, and it only helps to crack the easiest of passwords.
  4. Last, but not least, when buying a cracking program, you have to pay in any case, even if the password is not found. We only charge for a successfully found password. Fast, guaranteed and convenient.


That was the basic information about how password recovery works. If you have any questions, visit the FAQ section or contact us. We will be happy to help you!

See Also

Copyright © 2017-2023 LostMyPass.com