Brute force attack is faster than a dictionary attack. When and why?

The user wrote: «I crack ZIP the password in your Passcovery Suite program. Excellent speed of search at attack of a brute force! But it strongly gives at attack according to the dictionary. In what the reason?»

The reason in speed of breaking of ZIP archives with classical encryption.

A dictionary attack will be slower than a brute force attack for formats at high speed of recovery of passwords. The matter is that reading and preparation of passwords from the file of the dictionary demands much more time, than validation of passwords.

That is, at attack of a brute force, passwords to Zip to archives with classical enciphering can get over with a speed in some billion passwords a second (on the good videocard). And at the same time attack according to the dictionary will show only million passwords a second. And when using governed speed drops even lower…

For formats at low speed of restoration (and now it honor all formats) a difference in speed between attack according to the dictionary and attack of a brute force it will not be appreciable as validation of passwords takes more time, than reading/preparation of passwords from the dictionary file.

Formats where attack according to the dictionary will be more slowly, than attack of a brute force:

  • Zip-archives with classical encryption
  • Microsoft Office 97-2003 documents

Formats where speed of attack according to the dictionary will be same as at attack of a brute force:

  • Zip archives with WinZip AES enciphering
  • Rar3/Rar5 archives
  • OpenOffice, Microsoft Office 2007-2016, Adobe PDF documents
  • TrueCrypt volumes
  • Apple iOS/BlackBerry OS backups
  • WPA/WPA2 handshakes

About types of password attacks

Dictionary attack. Passwords are read out from the dictionary file - the usual text file where it is row-wise words passwords are written down. The program for recovery of passwords consistently reads out these words passwords and checks them.

Brute force attack (direct search). Passwords are generated by the program for password recovery from the set of symbols specified by the user and checked right then. Optionally attack of a brute force can use a password mask - a template for creation of passwords.

Passcovery Suite for password recovery

Passcovery Suite restores passwords for files of popular formats. Provides acceleration of search of passwords on the videocards AMD/NVIDIA. Offers enhanced features for carrying out attack according to the dictionary and attacks of a brute force: work scenarios, mutation of the dictionaries, expanded mask. The program restores/deletes a number of passwords instantly.

The demo version for Windows x86/x64 is available on the Passcovery website:

Passcovery Suite Logo Passcovery Suite
for Microsoft Office, OpenOffice, ZIP, RAR, TrueCrypt, Apple iOS, BlackBerry OS, WPA
Download x86
(15608 Kb)
Download x64
(18132 Kb)

For recovery of passwords to Zip archives, Passcovery also offers a separate product:

AccentZPR Logo Accent ZIP Password Recovery
for Zip archives with classical and WinZip AES encryption
Download x86
(7448 Kb)
Download x64
(8916 Kb)