What to Do When Password Recovery Attacks Stall

August 22nd, 2023 by Oleg Afonin
Category: «General»

Have you ever tried to unlock a password but couldn’t succeed? This happens when the password is really strong and designed to be hard to break quickly. In this article, we’ll explain why this can be a tough challenge and what you can do about it.

I’ve been running a password recovery attack for a while now, and the attack appears stalled. What should I do?

If the attack is taking a long time without success, this means that the data is protected with a strong password that cannot be quickly recovered. Strong passwords are intentionally designed to be challenging to break quickly.

Why is the password difficult to recover?

It the data is secured by a strong encryption algorithm and protected with a robust password, this makes it significantly harder to recover. Software developers use advanced encryption techniques and hashing algorithms to ensure the security of your data. As a result, the process of recovering a password becomes more computation intensive and, therefore, time-consuming.

What steps can I take to increase my chances of recovering the password?

While there are no guarantees, you can take the following steps to improve your chances:

  • Dictionary Attack: Try using a dictionary of the user’s existing passwords and common leaked passwords followed by dictionaries of common words and variations that people frequently use as passwords. For common word dictionaries do use mutations; make sure to use them sensibly as mutations significantly expand the number of password combinations. Do not use mutations for lists of leaked passwords.
  • Advanced Attacks: use any information you have about the password to enhance your efforts. Try extracting the user’s existing passwords from sources such as Web browsers, cloud services (e.g. iCloud Keychain, Google Account, Microsoft Account) and mobile devices.
  • Brute-Force: If the dictionary attack fails, consider a brute-force approach. This involves trying every possible combination of characters until the correct password is found. You can also use “Brute-force with mask” if you know the specific pattern and characters in the password.

How long can a brute-force attack take for complex passwords?

Brute-force attacks can be time-consuming, especially for long and complex passwords. The time required depends on multiple parameters such as the length and complexity of the password, the data format, the type of attack, and resources available to break the password. Be prepared for the possibility that it might take a considerable amount of time to recover the password using this method, and be aware that long and complex passwords may not be discovered at all for the lifetime of the universe.

Can I speed up the recovery process?

Yes, you can accelerate the recovery process by using GPU acceleration. Both NVidia and AMD graphics cards are supported for this purpose. Additionally, you can create a network of computers using Elcomsoft Distributed Password Recovery to build a password recovery cluster, which can significantly speed up the process. Please note that modern data protection practically requires GPU acceleration for recovering any passwords except the unusually weak ones.

Remember, the recovery of a strong password is a challenging task and success is not guaranteed. By following these steps and leveraging the available advanced recovery methods, you’ll be getting the best possible chance to recover the password. If you have further questions or encounter issues, don’t hesitate to reach out to our support team for assistance.

Related articles:

We published numerous articles on the subject.

  • Use The Brute Force, Luke! “There are several methods for recovering the original password ranging from brute force to very complex rule-based attacks. Brute-force attacks are a last resort when all other options are exhausted. What can you reasonably expect of a brute-force attack, what is the chance of success, and how does it depend on the password and the data? Or just “how long will it take you to break it”? Let’s try to find out….”
  • A Word About Dictionaries “Dictionary attacks are among the most effective ones because they rely on the human nature. It is human nature to select passwords that are easily memoizable, like their pet names, dates of birth, football teams or whatever.”
  • Accelerating Computer Forensics: the Low-Hanging Fruit Strategy Though this article doesn’t focus on password recovery directly, its insights are applicable to the field. The method discussed within can aid in accessing secured data without resorting to time-consuming attacks.


Elcomsoft Distributed Password Recovery

Build high-performance clusters for breaking passwords faster. Elcomsoft Distributed Password Recovery offers zero-overhead scalability and supports GPU acceleration for faster recovery. Serving forensic experts and government agencies, data recovery services and corporations, Elcomsoft Distributed Password Recovery is here to break the most complex passwords and strong encryption keys within realistic timeframes.

Elcomsoft Distributed Password Recovery official web page & downloads »