Questions, requests, partnership, ... We want to provide a high quality service to our customers.
For any questions : hash (AT) OnlineHashCrack (DOT) com

Please be sure to read the following FAQ before asking :)

Frequently Asked Questions

Who are you ? provides a professional service that attempts to recover your passwords.
/!\ We are NOT a hacking website, we do NOT hack/crack websites, and we assume all submitted hashes are for testing purposes only, and obtained in a legal way (pentest for example).

What kind of password ?

We attempt to recover :

  • Windows login password (LM, NTLM)
  • Mac OS X login password
  • MD4 hash
  • MD5 hash
  • SHA1 hash
  • MySQL hash (all versions)
  • WiFi WPA / WPA2 handshakes.

Of course, if you have another algorithm (Joomla, Wordpress, Unix, etc) you can contact us directly.
You can also answer the poll if you want to influence the choice of the next supported algorithm.

How do you do that ?

Our distributed cracking system use several mechanisms : pre-calculated tables, GPU computations, huge wordlists, brute-force, etc.
We provide a system to reverse your hash for password recovering.
This online hash search is FREE for password length < 8 : you can freely try our system !
Benefits :

  • Full charset (see our charsets)
  • Fast (Min : few minutes / Max : 5 days)
  • Many algorithms supported (more than 20)
  • "On demand" service : contact us with your large hash file / special algorithm / whatever , we may help you.
  • Low cost : FREE for length < 8 chars or 4.99€ for others.

Can you guarantee to recover my password ?

No, a strong password having numbers, special characters and long length might not be recovered.
Fortunately we recover a large majority of passwords, and you only pay if the password is recovered.

Is it free ?

- FREE for password length < 8 characters. Example : the password "test12!" will be free. So you can freely test our service.
- For other passwords, it cost 4.99€.

We use a lot of servers and they have a significant cost in terms of time and money. There is a continuous expense in electricity, hosting and hardware maintenance. This revenue goes towards keeping this website & services online.

Are you guys a scam ?!

Instead of a long speech, take a few seconds to consider the evidences that we are not a scam:
- Several customers testimonials.
- "No Crack No Pay" : if we can't recover your password, our story ends here. Test us by sending a fake hash !
- Test our services freely : send us a password whose length is < 8. We will recover it for you freely.

Who would use your services ?

- People who has forgotten their password (e.g: Windows or OSX account passwords)
- IT security experts, penetration testers, etc.
- IT security enthusiasts.


We double check each password before sending you an email, thus we are 100% confident that the password is correct.
However, for any reason, if you are not satisfied with the service, contact us and we will check again with you.

How long will a crack take ?

Min : few seconds / Max : 5 days

Why choose you ?

We have the experience and resources required to recover your hashes.
Here are several customers testimonials.

How do I retrieve/extract a hash ?

Depending of your system, please read our "how to" tutorials on the right side menu.

How will I know when you recover it ?

As soon as your password is recovered, we send you an email with the link to get the password.

What does "Not found" and "In progress" mean ?

Three states are possible :
- "Cracked" : we successfully recover your hash or WPA password :) We sent you an email, please check your inbox or spam folder.
- "Not found" : we cannot recover it, the password may be too complex. However if you have any hints about it (length / charset / keyboard used / algorithm / ...) you can contact us, we can check again.
- "In Progress : X%" : we are currently working on the task. At this state nobody on earth knows if the crack will be successful or not : no need to contact us, just wait you'll receive an email if recovered :)

What does "HEX[xxxxx] mean ?

It's the hexadecimal encoded representation of your password. Why ? Because your password contains non-ascii and/or non-printable character, that's why we surronded it by "HEX[]".
Copy the hexadecimal string into a hexa-to-ascii converter (google can help you). Or look at this table
Such unicode characters can be written with a keyboard with this manipulation.


We delete uploaded WPA capture files once the process (successful or not) is finished. We do not keep any log or any file related to your upload.
For hashes (LM, NTLM, MD5,...) we just keep the hash, the password, and your email (in order to notice you chen the task is done).
You can delete these information from our databases : just contact us :)