FAQ
Please contact us to ask a question.
Q: My granddaughter changed her Windows password but does not recall what she changed it to. Am I supposed to locate the password file on her PC to use your tool? Basically, after starting your program, I don't know what to do next.
A: Hash Suite is primarily a tool for system administrators and security consultants to audit large sets of password hashes to identify weak passwords. Password recovery is a possible secondary use.
Starting with version 2.0, Hash Suite is able to import local and remote accounts without reliance on any additional tools. This requires administrator privileges.
You can also use one of the PWDUMP tools to obtain the password hashes. This requires either administrator privileges or reboot from a CD that will access the hard drive directly (bypassing the installed copy of Windows). Some programs of both kinds are listed here:
https://www.openwall.com/passwords/pwdump
Q: I just bought the full version, but it won't let me choose length higher than 7 when cracking LM hashes! Is Hash Suite capable of cracking longer passwords from LM hashes?
A: Yes. This apparent length limit is a genuine property of LM hashes, not a limitation of Hash Suite. Because of the way LM hashes use the DES encryption algorithm, password crackers such as Hash Suite can split each LM hash into two "halves", which are then processed separately. One half corresponds to password characters 1 through 7, the other to characters 8 through 14. Thus, only strings of up to 7 characters need to be tested as candidate password halves, which greatly reduces the total number of combinations to test and speeds up attacks. During an attack, Hash Suite may have cracked only one of the two halves of a password; in that case, it displays <<<--- Partial Found --->>> in place of the cleartext password. Once both halves are cracked, Hash Suite displays the full cleartext password, up to its maximum possible length of 14 characters.
Q: What if there is a password of length 15 or longer?
A: Windows does not generate LM hashes for such passwords; it only generates the NTLM hash, which you may crack with Hash Suite (including for length 15 and longer).
Additional information regarding LM hashes may be found in Wikipedia:
https://en.wikipedia.org/wiki/LM_hash
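The two-halves property described in the answers above is visible in a hash dump before any cracking starts, which is useful when auditing which accounts still carry LM hashes. The following is an added example, not Hash Suite code: it classifies pwdump-style lines by their LM halves. It assumes the `user:RID:LM:NT:::` layout and that the dumping tool writes the well-known empty-password LM constant when no LM hash is stored; the `SAMPLE` lines and the function names are constructed for illustration.

```python
import re

# Well-known constants: LM half of an empty 7-character chunk, and the
# NTLM hash of the empty password.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")

# Constructed sample (user:RID:LM:NT:::). Hash values are made up, apart
# from the empty-password constants above.
SAMPLE = """\
alice:1001:0123456789abcdef0fedcba987654321:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdefaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:a1b2c3d4e5f60718293a4b5c6d7e8f90:::
guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

def classify(line):
    """Return (user, finding) for one pwdump-style line."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("not a pwdump-style line: %r" % line)
    user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
    if not (HEX32.fullmatch(lm) and HEX32.fullmatch(nt)):
        raise ValueError("LM/NT field is not a 32-digit hex hash: %r" % line)
    first, second = lm[:16], lm[16:]  # characters 1-7 and 8-14
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        if nt == EMPTY_NT:
            return user, "empty password"
        # LM storage disabled, or a password of 15 or more characters
        return user, "no LM hash stored, NTLM only"
    if first == EMPTY_LM_HALF:
        return user, "inconsistent LM hash (first half empty, second not)"
    if second == EMPTY_LM_HALF:
        return user, "LM hash stored, password has at most 7 characters"
    return user, "LM hash stored, password has 8 to 14 characters"

def audit(dump_text):
    """Classify every non-blank line; returns {user: finding}."""
    return dict(classify(l) for l in dump_text.splitlines() if l.strip())

if __name__ == "__main__":
    for user, finding in audit(SAMPLE).items():
        print("%-6s %s" % (user, finding))
```

Accounts reported with a stored LM hash are the ones to prioritise for a password change and for disabling LM hash storage.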
Q: Hash Suite Reports are all "greyed out", they don't work?!
A: You need to install Java, and ensure it's of the same "bitness" as your version of Hash Suite - e.g., if you're using 64-bit Hash Suite, you need to have 64-bit Java runtime for the reports to work.
Q: Why does Hash Suite use only 40% of CPU time on my 12-core server?
A: All multi-threaded programs need code to coordinate the threads. In Hash Suite this is done in key-providers, so only one thread can be executing key-provider code at a given time. This limits performance scalability when the number of cracking threads increases. Look at these numbers for different configurations:
Format | Key-provider CPU usage | Max number of concurrent threads | CPU usage in a 12-core system |
---|---|---|---|
LM | charset: 6.6% | 15.2 | 100% |
NTLM | charset: 1% | 100 | 100% |
NTLM | keyboard: 43.2% | 2.3 | 19% |
NTLM | double: 38.4% | 2.6 | 22% |
NTLM | charset with rules: 1% | 100 | 100% |
DCC | charset: 2.2% | 45.0 | 100% |
Note that key-provider performance varies by CPU, Operating System and other factors. Also note that these numbers are theoretical, whereas actual numbers will be lower. This means that adding more than 2 threads when cracking NTLM hashes with the keyboard key-provider does not increase performance; actually, it may hurt performance.
Solving this problem is a complex task, one we're going to address in the future. Nevertheless, Hash Suite is, as far as we're aware, the fastest CPU cracker out there. Most common CPUs (Intel Core 2 or Core i*) have 4 cores or fewer (hyper-threading "cores" do not count for this problem), so this scalability problem currently affects only a relatively small fraction of the Hash Suite user base.
Starting with Hash Suite 2.1 we have solved the problem for NTLM charset, which is the most used key-provider that had this problem.
Q: I'd like to illegally obtain and use a non-free version of Hash Suite free of charge. Are those cracks, serials, and keygens that e.g. a Google web search finds safe to use?
A: OK, we're not really asked that, so it's not literally a FAQ, but we suspect that some people do have this question. The answer is that so-called serial numbers and keygens for Hash Suite cannot actually exist, so websites offering them must be automated scam sites, which are not even targeting Hash Suite specifically, but are blindly adding the "crack", "serial", and "keygen" words to many product titles in an attempt to attract victims. We guess you might be asked to send a premium rate SMS message "to speed up the download" or similar, only to find that at best you don't receive what you expected. The reason why these things cannot exist for Hash Suite is that we do not use any form of copy protection. There are no serial numbers nor keys to input to Hash Suite, nor any way to input them. Instead, Hash Suite Free, Hash Suite Standard, and Hash Suite Pro are three separate builds of the program, with different functionality included in them. Due to substantial differences between the three builds, it's our understanding that any Hash Suite "cracks" are most likely non-existent too. Someone might illegally redistribute a copy of Hash Suite Standard or Hash Suite Pro they had purchased, but there's no good reason why any non-scam website would call that a "crack".