Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Attacking hashes > GPU fingerprint attack
Recovering Windows hashes - GPU fingerprint attack
27.12.2016
Happy New Year!
New Year greetings and holidays discount
27.12.2016
Windows Password Recovery v11.1
Some minor improvements, changes in DPAPI engine
06.12.2016
New blog post
Hash encryption in Windows 10 Anniversary Update
30.11.2016
WPA password recovery benchmarks
New devices

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - GPU fingerprint attack


GPU fingerprint attack is a brand-new tool for recovering complex passwords, which could not be decrypted in a common way. The idea of the attack is that here, to recover a password, we take neither individual words from the source dictionary, like in the Dictionary attack, nor even word combinations, like in the Combined attack, but so-called "fingerprints". So every word from the source dictionary is used for generating several fingerprints. If some password is found during the attack, it participates in generating new fingerprints, and the attack goes another round. Implementing GPU computing power allows to increase the recovery speed drastically. Fingerprint options consist of 4 parts:


General Options

Before launching the attack, specify the source dictionary to be used for creating the fingerprints. The software comes with common.pcd dictionary, optimized for this attack, but you can use yours or download one off the Internet ('Online dictionaries' tab). There are no certain requirements to the source wordlist, except one: the source dictionary must not be too large; otherwise, the attack will take significant time. You can use dictionaries with national passwords, if you suspect that the sought password contains characters in a national encoding.

GPU fingerprint general options

Here is the way the fingerprints are generated: first, a word from the source dictionary is broken into one-character passwords, then - into 2-character, etc. For instance, the source word crazy is broken into one-character fingerprints. So we get::
c
r
a
z
y

Now, into two-character:
cr
ra
az
zy

Next, three-character:
cra
raz
azy

And, finally, four-character:
craz
razy


We have got 5+4+3+2=14 fingerprints, not counting the source word. All word from the source dictionary are broken into fingerprints. After this, all the fingerprints are dumped into a single database, naturally, discarding duplicates. So we have got a database of fingerprints that would be used for checking passwords by gluing all the fingerprints with each other and finding the match.

The real fingerprint generation algorithm is a bit more sophisticated. Moreover, there is an option in the attack settings, Maximize effeciency when generating fingerprints, which maximizes the efficiency (at the expense of speed) by generating additional fingerprints.

Let's take a look at the remaining options.

  • Use PPP engine to generate additional passwords - use passwords found in other attacks when generating fingerprints.
  • Use keyboard and frequently use sequences - add keyboard combinations and common sequences to fingerprint bank.
  • Use dates - add dates to fingerprints.
  • Use numbers and common sequences - use digits and simple combinations of letters.

The most careful attention should be paid to the Loop until no more passwords are found. That is where fingerprint attack can really show itself off. Here is how it works: if at least one password is found during an attack, when the attack is over, the password participates in generating new fingerprints, and the attack runs again. This option works great on large lists of hashes and on password history hashes.



Dictionary generator

The second tab with the settings allows to create and save a custom dictionary using current options of the fingerprint attack. Be careful; the dictionary may take up a lot of space on your PC's hard disk drive.

GPU fingerprint attack - dictionary generator



Online dictionaries

On the third tab, you can download source wordlists for fingerprint attack from the Internet. Be careful, not all the dictionaries suit fine for the attack.

GPU fingerprint attack - online dictionaries



GPU settings

Before you can use it in an attack, you must first select the graphics card in the General Options menu.

GPU fingerprint attack - setting GPU options

GPU configuration is pretty simple and consists of only two parts:

  1. Setting the number of parallel graphics card’s blocks, where passwords would be searched. Typically, each block consists of 256 threads. Thus, if you set the number of blocks to 256, the GPU will run 256*256=65536 threads. The total number of checked passwords for one call to GPU kernel will be 256*ThreadBlocks*PasswordsPerThread. In our case 256*256*1000 = 65 536 000 passwords. It is recommended to always set the ThreadBlocks parameter to a multiple of 64. Setting the value smaller than 256 on modern graphics cards, in the majority of cases, leads to performance degradation.
  2. Setting the number of passwords to be search from a single thread. The greater the value, the lower the overhead associated with launching threads, and the higher the search speed. However, setting too great a value may hang the computer or cause significant fluctuations in the current search speed, displayed on the attack status tab. This is caused by the fact that task completion time on the GPU exceeds the time required for refreshing the current state of the attack. Setting too big numbers may cause a system failure