A Brute-Force attack is method of breaking a cipher (that is, to decrypt a specific encrypted text) by trying every possible key. Feasibility of brute force attack depends on the key length of the cipher, and on the amount of computational power available to the attacker. Cain's Brute-Force Password Cracker tests all the possible combinations of characters in a pre-defined or custom character set against the encrypted passwords loaded in the brute-force dialog.


The key space of all possible combination of passwords to try is calculated using the following formula:  


KS = L^(m) + L^(m+1) + L^(m+2) + ........ + L^(M)



L = character set length

m = min length of the key

M = max length of the key


For example, when you want to crack an half of a LanManager passwords (LM) using the character set "ABCDEFGHIJKLMNOPQRSTUVWXYZ" of 26 letters, the brute-force cracker have to try KS = 26^1 + 26^2 + 26^3 + ...... + 26^7 = 8353082582 different keys. If you want to crack the same password using the character set "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/", the number of keys to try rises at 6823331935124.


Exhaustive key search cracking could take a very long time to complete however if the character set is the right one the password will be cracked; its only matter of time.


How it works

The dialog offers the possibility to choose from a set of pre-defined character sets or to input a custom one; the initial password can also be changed for resuming a previous attack. The "Key Rate" field indicates the number of keys that the attack tries every second against all hashes/encrypted passwords loaded. The "Time Left" indicates the remaining time to complete the key space and the "Current password" field shows the actual key tested by the program.


The cracker's list that started the attack is updated when you exit the dialog,  in order to reflect all the passwords found.