| Attack/description |
Time required |
Pros |
Contras |
Limitations |
| Preliminary. A set of light and speedy mini-attacks for finding simple, short or common combinations |
Usually several minutes |
Great quick-find tool for quick recovery of common, simple, short passwords, keyboard combinations, repetitive sequences, etc. Good for finding weak passwords quickly; doesn't require additional settings |
Practically useless for serious analysis, when recovering the majority of complex passwords |
Finds mainly simple passwords |
| Artificial Intelligence. The most advanced way of recovering passwords, based on the methods of social engineering |
Min: 5-6 minutes Max: several days |
The best tool for finding complex passwords. Works great for passwords, words, and combinations that the user stored in the system any time in the past. |
During the most efficient analysis, when all the options are set to the maximum performance, the attack takes considerable time. Finds not all passwords. |
Efficient when running on the original system only (where the passwords were taken) |
| Brute-force. Searches all possible combinations within a specified character set |
Depends on options, several days min. |
The only attack (along with the mask attack) that is guaranteed to recover a completely unknown password. |
Takes considerable time. Hard to guess the right range of characters to be searched. |
May take centuries to search long passwords. Does not find passwords when uses wrong character sets or password length exceeds the one specified |
| Dictionary. Finds password by searching words from predefined dictionaries (word-lists) |
A couple of minutes |
Good and speedy tool for recovering common passwords |
Requires having good dictionaries, does not take into account letter case |
Finds only common passwords only |
| Dictionary with the smart mutation. Same as the simple dictionary attack, except here each word from the dictionary undergoes all kinds of mutations. For instance, appending numbers, changing letter case, deforming (displacing) letters, etc. |
Up to 1000000 times slower than a simple dictionary attack |
Good for all sorts of variations of common passwords |
The maximum (most effective) mutation takes considerable time |
Fails to find strong (non-dictionary) passwords, mutation takes considerable time |
| Mask. Finds passwords by a specified mask (password generation rule) |
Depends on options |
Guaranteed to recover the remaining portion of a password. Good option when some portion of the original password is known. |
Requires having the exactly known portion of the password and its length and specifying the right character set to be searched |
Password will not be found if a wrong character set, incorrect password length or an incorrectly known portion of the source password is specified |
| Combined dictionary. Checks complex passwords (composed of two or more words) by gluing words from several dictionaries |
Depends on options |
The only attack that finds long and complex passwords |
Limited set of field-specific dictionaries. With a large source dictionary, the attack may take considerable time. |
Requires to know in advance that the password being searched for consists of two or more words; very slow |
| Combined dictionary with the smart mutation. The same as combined attack, plus mutations |
Depends on options |
Same as the previous one |
Same as the previous attack. Requires setting additional mutation rules for the passwords to be generated |
Same as the previous attack; mutations require considerable time |
| Base-word. Takes advantage of a known base word used for making up the password |
Usually up to a couple of hours if the base-word length does not exceed 16 |
Good for the cases when you had known the original password but have forgotten its variations, e.g., letter case or trailing numbers |
Mutation for long passwords (over 16 characters) may take some time |
Does not always work |
| Phrase. Same as the dictionary attack, except that instead of a word this one checks a phrase, popular expression, excerpts from songs, books, etc. |
Min several minutes and up to several days |
The only attack against password phrases. |
Only a small percentage of users use pass-phrases as passwords. Phrase mutation is imperfect; the mutation and analysis take considerable time. An insufficient number of relevant dictionaries. |
Limited choice of mutations. Difficulty in the creation of specialized dictionaries. |
| Fingerprint. Based on fingerprints that were generated out of the given wordlist. |
Min several hours and up to several years (depends on the initial dictionary) |
Finds complex passwords that were impossible to recover in other attacks |
Big input wordlist may generate too many fingerprints. The success depends on the input wordlist. |
The attack may take too much time to complete when setting a big input wordlist. |
| Hybrid dictionary. It is much similar to the simple dictionary attack, except that the password mutation rules are fully customizable and should be set by a user. |
Depend on the source wordlist and rules counter. Usually up to several hours for a small wordlist. |
Good for all sorts of variations of common passwords. |
Cannot recover complex passwords. |
Fails to find strong (non-dictionary) passwords. |
English
Russian
